Vendor: Php-X-Links Script
By: H4ckCity Security Team
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Php-X-Links Script
Affected Version From: All Version
Affected Version To: All Version
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: GNU/Linux Ubuntu, Windows Server, win7
2012

Php-X-Links Script SQL Injection Vulnerability

The vulnerability exists in the rate.php, view.php and pop.php scripts. An attacker can inject arbitrary SQL code through the id, cid and t request parameters of these scripts, respectively, and so manipulate the SQL queries that the application executes.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
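
One way to apply this mitigation, shown as an added example that is not code from Php-X-Links or from the advisory: validate the parameter as an integer before use, then bind it in a prepared statement. The `links` table, the function names and the integer type of `id` are assumptions, and the constructed in-memory data needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example; not Php-X-Links code. The `links` table and its columns
// are hypothetical, and treating the id parameter as an integer is an assumption.

/** Return the named query parameter as a positive integer, or null if invalid. */
function int_param(array $query, string $name): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {          // missing, or an array such as ?id[]=1
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Look up a link title with a bound parameter; the value never joins the SQL text. */
function link_title(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT title FROM links WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO links (id, title) VALUES (1, 'Example link')");

// Constructed request inputs: one well-formed, three malformed.
$samples = [['id' => '1'], ['id' => "1'"], ['id' => ['1']], []];
foreach ($samples as $query) {
    $id = int_param($query, 'id');
    if ($id === null) {
        echo "400 Bad Request: id must be a positive integer\n";
        continue;
    }
    echo '200 OK: ' . (link_title($db, $id) ?? 'not found') . "\n";
}
```

The same pattern applies to the cid and t parameters; if either is not numeric in the real schema, keep the bound parameter and replace the integer check with an allow-list that matches the expected format.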

Exploit-DB raw data:

############################################################################
# Exploit Title: Php-X-Links Script SQL Injection Vulnerabilitiy
# Google Dork: "Powered by Php-X-Links"
# Date: 1/1/2012
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org  
# Version: All Version
# Category:: webapps
# Security Risk:: High
# Tested on: GNU/Linux Ubuntu - Windows Server - win7
############################################################################
#  Exploit:
#
#
#  http://www.target.com/links/rate.php?id=[SQLi]
#  http://www.target.com/links/view.php?cid=[SQLi]
#  http://www.target.com/links/pop.php?t=[SQLi]
#
############################################################################
# Special Thanks : Mehdi.H4ckcity-2MzRp-Mikili-M.Prince-Bl4ck.Viper-iC0d3R- 
# IrIsT-K0242-P0W3RFU7-Mr.M4st3r-Higher_Sense ,...
############################################################################
GreetZ : All H4ckCity Member - BHG Members
############################################################################