EthicLinks SQL Injection and XSS Vuln

[o] EthicLinks SQL Injection and XSS Vulnerability
Software : EthicLinks
Vendor : http://ethiclinks.com/
Author : NoGe


[o] Vulnerable file
link.php
links.php
ethiclinks.php


[o] Exploit
http://localhost/[path]/link.php?cat_id=[SQL] & [XSS]
http://localhost/[path]/links.php?cat_id=[SQL] & [XSS]
http://localhost/[path]/ethiclinks.php?cat_id=[SQL] & [XSS]


[o] Dork
"Powered by EthicLinks"


Comments

evilc0de said…
Hey, just make one site for private scripts, man...