vendor:
Flippy LinkShare – Visual Link Sharing Websites Builder
by:
Ihsan Sencan
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Flippy LinkShare – Visual Link Sharing Websites Builder
Affected Version From: 2.1.0
Affected Version To: 2.1.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:flippyscripts:flippy_linkshare_visual_link_sharing_websites_builder:2.1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Flippy LinkShare – Visual Link Sharing Websites Builder Script v2.1.0 – SQL Injection
Flippy LinkShare – Visual Link Sharing Websites Builder Script v2.1.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database. The vulnerable URLs are profile.php?id=[SQL], cat.php?cid=[SQL], user_posts.php?id=[SQL], etc. An example of a malicious SQL query is -9999+/*!50000union*/+select+1,2,3,4,concat_ws(0x3a,adminuser,0x3a,adminpassword),6,7,8,9,10,11,12,13,14,15+from+admin--.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query. Additionally, parameterized queries should be used to prevent SQL injection attacks.
