| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 2 Sep 2006 00:32:05 -0000 From: sirdarckcat@...il.com To: bugtraq@...urityfocus.com Subject: ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities Discovered by Sirdarckcat from elhacker.net ------------------------------------------------------------------------------------ ssLinks v1.22 Multiple SQL Injection Vulnerabilities http://scripts.incutio.com/sslinks/ ------------------------------------------------------------------------------------ SSLinks is a simple PHP Program for administrating WebSite links exchange, and administration, with a MySql database. It suffers of multiple SQL Injection Vulnerabilities. ------------------------------------------------------------------------------------ SQL Injection, "go" links.php:24-27 => global.inc.php:543-569 The variable $id is never cleaned, so in both, UPDATE and SELECT statements, is a SQL Injection Bug. ------------------------------------------------------------------------------------ SQL Injection, "rate" links.php:48-51 => global.inc.php:514-549 The variable $id is never cleaned, so $id is exploitable, in both, the SELECT and UPDATE statements. ------------------------------------------------------------------------------------ Att. SirDarckCat elhacker.net
Powered by blists - more mailing lists