netlinks php cms SQL Injection Vulnerability

2014.04.12
Credit: H-SK33PY
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

010101010101010101010101010101010101010101010101010101010
0                                                       0
1      Iranian Datacoders Security Team 2010 - 2014     1
0                                                       0
1                  WWW.DataCoders.Org                   1
010101010101010101010101010101010101010101010101010101010

############################################
# Exploit Title: netlinks php cms SQL Injection Vulnerability
# Date: 12/04/2014
# Author: H-SK33PY
# Vendor Link: http://www.netlinks.af/
# Platform / Tested on: php/linux cpanel
# Google Dork: intext:"powered by netlinks" site:af
# Category: webapplications
# Code : [SQL injection]
# Our Website: http://www.datacoders.org/
############################################

This bug is in the "tb" parameter of the search section.

Example:

http://Site/search

POST /search HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 17

tb=as[sql injection here]&btn=Search+

Live demo:

http://www.hdgroup.af/search
POST: tb=as[sql injection here]&btn=Search+

http://www.nooragrogroup.com/search
POST: tb=as[sql injection here]&btn=Search+

http://www.fdrc.gov.af/search
POST: tb=as[sql injection here]&btn=Search+

Good Luck

###############################################
# We Are: H-SK33PY | Immortal Boy | D4rkC0d3 | Noter | M4st3r4N0nY | Stormy | M0ri
# And All Iranian DataCoders Members
# Special TNX to Ahmadbady , Satanic2000 , Old Joker , S3Ri0uS , Pejvak
# l3l4ck.$c0rpi0n , Hellboy , A.Cr0x ,
#
# Don't Forget => WwW.DataCoders.Org
###############################################
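The fix for a search field like "tb", as an added example (not netlinks code and not from the advisory author): the concatenated query next to a bound-parameter version. The `pages` table, the function names and the in-memory SQLite database are assumptions made so the script runs on its own; the CMS's real schema is not shown on this page.

```php
<?php
declare(strict_types=1);
// Added example. Table, columns and function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO pages (title) VALUES ('About us'), ('O''Brien profile'), ('100% cotton')");

// Before: the tb value is pasted into the SQL text, so it can alter the statement.
function searchConcatenated(PDO $db, string $tb): array
{
    $sql = "SELECT title FROM pages WHERE title LIKE '%" . $tb . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: tb is bound as data, and LIKE wildcards inside it are escaped
// so that "%" and "_" typed by the user match literally.
function searchBound(PDO $db, string $tb): array
{
    if (strlen($tb) > 100) {
        throw new InvalidArgumentException('search term too long');
    }
    $term = strtr($tb, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare("SELECT title FROM pages WHERE title LIKE :term ESCAPE '\\'");
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request body in the shape the advisory shows (tb=...&btn=Search+).
parse_str("tb=O'Brien&btn=Search+", $post);
$tb = (string) ($post['tb'] ?? '');

try {
    searchConcatenated($db, $tb);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    // An ordinary apostrophe already breaks the statement: the symptom of CWE-89.
    echo "concatenated: SQL error for input {$tb}\n";
}

echo "bound: ", implode(', ', searchBound($db, $tb)), "\n";
echo "bound: ", implode(', ', searchBound($db, '100%')), "\n";
```

Sending a value with a single apostrophe to the search form of your own installation is a quick regression check: a database error or an empty page where results are expected means the query is still built by concatenation.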



Copyright 2024, cxsecurity.com

 
