SkaLinks - Link Exchange Script

vendor:

by:

mr.al7rbi

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: SkaLinks - Link Exchange Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

SkaLinks – Link Exchange Script

A vulnerability in SkaLinks - Link Exchange Script allows an attacker to add an admin user by accessing the register.php page in the admin directory.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

                         ||          ||   | ||       
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,
                  ( :   /    (_)    /           (   . 

################################################################
#           SQL Injection
#
#           Found by ::: mr.al7rbi
#
#           Contact :::   n16 [at] live.com
#
#           my Group :::  mr.al7rbi team
#
################################################################

Title:   SkaLinks - Link Exchange Script
d0rk: 2005. Powered by SkaLinks - Link Exchange Script
DESCRIPTION:
add admin
EXPLOITS:
http://example.com/admin/register.php
example:
http://xxx.dk/partner/admin/register.php
Special  Greetz for :  tryag.cc/cc
Greetz : noaf_07 & aloosh  &  ili The General ili & fhad & all tryag members & all muslims

# milw0rm.com [2008-09-12]