Vendor: SkyPortal WebLinks
By: ByALBAYX
CVSS: 7.5 HIGH
SQL Injection, Cross-Site Scripting
CWE: 89
Product Name: SkyPortal WebLinks
Affected Version From: 0.12
Affected Version To: 0.12
Patch Exists: YES
Related CWE: CVE-2009-0590
CPE: a:skyportal:skyportal_weblinks
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

SkyPortal WebLinks v0.12 Multiple Vulnerabilities

SkyPortal WebLinks v0.12 is prone to multiple vulnerabilities, including SQL injection and cross-site scripting. An attacker can exploit these issues to manipulate SQL queries, steal cookie-based authentication credentials, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, and perform other attacks.

Mitigation:

Upgrade to the latest version of SkyPortal WebLinks v0.12

Exploit-DB raw data:

@~~=======================================~~@
====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG=====
@~~=======================================~~@
@~~=Author   : ByALBAYX

@~~=Website  : WWW.C4TEAM.ORG

@~~=From     : Turkish
@~~=======================================~~@
@~~=Script   :SkyPortal  WebLinks v0.12 

@~~=S.Site   :http://skyportal.net

@~~=Download :http://www.skyportal.net/downloads/modules/mod_links_0_12.zip

@~~=Dty      :http://www.skyportal.net/dl.asp?title=WebLinks%20v0.12&cmd=6&cid=113

@~~=Demo     :http://vegtrafikk.net
@~~=======================================~~@

@~~=Vul:


@~~=http://c4team.org/ [PATH] /admin_links_admin.asp

@~~=http://c4team.org/ [PATH] /admin_links_urledit.asp

@~~=http://c4team.org/ [PATH] /admin_links_browse.asp

@~~=http://c4team.org/ [PATH] /admin_links_adminsubcat.asp

@~~=http://c4team.org/ [PATH] /admin_links_addnew.asp


@~~=Demo:

@~~=http://vegtrafikk.net/admin_links_admin.asp

etc..   etc..   etc..
@~~=======================================~~@
@~~=Greetz For
  
@~~=Str0ke & Kralman & Mrabah12R & K3vin Mitnick & web-terrorist & Silent & SpotGang
@~~=======================================~~@
I listened to my own sorrow, and I was disgusted by my sorrow...
I saw their sorrow, and I envied my own sorrow...
Palestine
@~~=======================================~~@

# milw0rm.com [2009-02-25]