BID:51223

Php-X-Links Script Multiple SQL Injection Vulnerabilities

Info

Php-X-Links Script Multiple SQL Injection Vulnerabilities

Bugtraq ID:	51223
Class:	Input Validation Error
CVE:	CVE-2012-5098
Remote:	Yes
Local:	No
Published:	Jan 02 2012 12:00AM
Updated:	Sep 25 2012 04:30PM
Credit:	H4ckCity Security Team
Vulnerable:	Php-X-Links Php-X-Links Script 1.0

Not Vulnerable:

Discussion

Php-X-Links Script Multiple SQL Injection Vulnerabilities

Php-X-Links Script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Php-X-Links Script 1.0 is vulnerable; other versions may also be affected.

Exploit / POC

Php-X-Links Script Multiple SQL Injection Vulnerabilities

The following example URIs are available:

http://www.example.com/links/rate.php?id=[SQLi]
http://www.example.com/links/view.php?cid=[SQLi]
http://www.example.com/links/pop.php?t=[SQLi]

Solution / Fix

Php-X-Links Script Multiple SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Php-X-Links Script Multiple SQL Injection Vulnerabilities

References:

Php-X-Links Script Homepage (Php-X-Links)