WSN Links Script SQL Injection Vulnerabilitiy

vendor:

WSN Links

by:

H4ckCity Security Team

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: WSN Links

Affected Version From: All Version

Affected Version To: All Version

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: GNU/Linux Ubuntu, Windows Server, Windows 7

2012

WSN Links Script SQL Injection Vulnerabilitiy

An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id' in the 'report.php' page. This can be used to extract sensitive information from the database or even execute system commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize all user input and use parameterized queries.

Source

Exploit-DB raw data:

############################################################################
# Exploit Title: WSN Links Script SQL Injection Vulnerabilitiy
# Google Dork: "Powered by WSN Links"
# Date: 1/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org  
# Software Link: http://scripts.webmastersite.net/wsnlinks
# Version: All Version
# Category:: webapps
# Security Risk:: High
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
############################################################################
#  Exploit:
#
#
#  http://www.target.com/links/report.php?id=[SQLi]
#
#
############################################################################
# Special Thanks : Mehdi.H4ckcity-2MzRp-Mikili-M.Prince-Bl4ck.Viper-iC0d3R- 
# IrIsT-K0242-P0W3RFU7-Mr.M4st3r-Higher_Sense ,...
############################################################################
GreetZ : All H4ckCity Member - BHG Members
############################################################################