Vendor: GoldLink
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: GoldLink
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
GoldLink SQL Injection Vulnerability
GoldLink is prone to SQL injection attacks due to insufficient validation of values supplied via cookies. This may allow attackers to manipulate SQL queries, potentially resulting in information disclosure, bulletin board compromise or other consequences. An example of the attack is using the vadmin_login and vadmin_pass values of ' OR Login LIKE '% and ' OR Password LIKE '% respectively.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
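Added example (not GoldLink's code): the same cookie values checked by a string-built query and by a parameterized one, to show why the values quoted above succeed and what stops them. The column names Login and Password come from the quoted values; the table name "admins", the query shape, the sample row and the login allowlist pattern are assumptions.

```python
import re
import sqlite3

# Values quoted in the description above.
PAGE_VALUES = {"vadmin_login": "' OR Login LIKE '%",
               "vadmin_pass": "' OR Password LIKE '%"}

def make_db():
    # Constructed data: table name and row are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (Login TEXT, Password TEXT)")
    db.execute("INSERT INTO admins VALUES ('root', 's3cret-constructed')")
    return db

def check_vulnerable(db, cookies):
    # Assumed legacy pattern: cookie text is pasted into the SQL string, so a
    # quote inside a value ends the literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM admins WHERE Login = '%s' AND Password = '%s'"
           % (cookies.get("vadmin_login", ""), cookies.get("vadmin_pass", "")))
    # With PAGE_VALUES the WHERE clause becomes
    #   Login = '' OR Login LIKE '%' AND Password = '' OR Password LIKE '%'
    # and the final OR term is true for every row.
    return db.execute(sql).fetchone()[0] > 0

# Hypothetical allowlist for login names (input validation, per the mitigation).
LOGIN_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def check_hardened(db, cookies):
    login = cookies.get("vadmin_login", "")
    password = cookies.get("vadmin_pass", "")
    if not LOGIN_RE.fullmatch(login):
        return False  # reject malformed input before it reaches the database
    # Bound parameters are sent as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM admins WHERE Login = ? AND Password = ?"
    return db.execute(sql, (login, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    good = {"vadmin_login": "root", "vadmin_pass": "s3cret-constructed"}
    print("string-built, page values:", check_vulnerable(db, PAGE_VALUES))
    print("hardened, page values:    ", check_hardened(db, PAGE_VALUES))
    print("hardened, real credentials:", check_hardened(db, good))
```

The plain-text password comparison only mirrors the assumed legacy query; it is not a recommendation for storing credentials.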