Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14124
HistorySep 02, 2006 - 12:00 a.m.

[Full-disclosure] ssLinks v1.22 Multiple SQL Injection Vulnerabilities

2006-09-0200:00:00
vulners.com
26
JSON

Discovered by Sirdarckcat from elhacker.net

ssLinks v1.22 Multiple SQL Injection Vulnerabilities
http://scripts.incutio.com/sslinks/

SSLinks is a simple PHP Program for administrating
WebSite links exchange, and administration, with a
MySql database.

It suffers of multiple SQL Injection Vulnerabilities.

SQL Injection, "go"
links.php:24-27 => global.inc.php:543-569
The variable $id is never cleaned, so in both, UPDATE and SELECT statements,
is a SQL Injection Bug.

SQL Injection, "rate"
links.php:48-51 => global.inc.php:514-549
The variable $id is never cleaned, so $id is exploitable, in both, the
SELECT and UPDATE statements.

Att.
SirDarckCat
elhacker.net

JSON