report.cgi SQL inj in Hot Links SQL
Summary
- Vulnerability: report.cgi SQL inj in Hot Links SQL
- Discovered: 2010.11.10
- Last Update: n/a n/a
- ID: EV0141
- CVE: n/a
- Risk Level: medium
- Type: SQL injection
- Status: Unpatched. Vendor notified. No reply from developer(s).
- Vendor: Mrcgiguy (http://www.mrcgiguy.com/)
- Vulnerable Software: Hot Links SQL 3
- Version: 3.2.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
An SQL injection vulnerability was found in the Hot Links SQL 3 script.
- report.cgi SQL Injection
- An SQL injection was found in the id parameter of the report.cgi script. It can be used to run any SQL query by injecting arbitrary SQL code. The vulnerability was found in the CGI version of Hot Links SQL 3.
PoC/Exploit
- report.cgi id SQL injection exploit
- The id parameter is not passed through an SQL-injection filter.
- SQL injection example
- url: http://somesite/report.cgi?id=999; or 'a'='a
Solution
A solution for "report.cgi SQL inj in Hot Links SQL" is not available. Check the Mrcgiguy website for updates.
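With no fix available, requests like the example above can at least be spotted in web server logs. The following is an added example, not part of the original advisory or the vendor's code; it assumes Apache/nginx "combined" log lines, a constructed /cgi-bin/ path, and that a legitimate id is a decimal integer.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Assumption: a legitimate id is a short decimal integer (the advisory does
# not document the expected format).
VALID_ID = re.compile(r"[0-9]{1,10}")

# Request line inside a "combined" access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def id_values(target):
    """Return the decoded id values of a report.cgi request, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/report.cgi"):
        return None
    values = []
    # Split on "&" only: the advisory's example value contains ";", which
    # some query parsers treat as a separator and would truncate to "999".
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "id":
            values.append(unquote_plus(value))
    return values


def suspicious_requests(log_lines):
    """Return (line_number, id_value) for report.cgi hits with a non-numeric id."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        values = id_values(match.group(1)) if match else None
        for value in values or []:
            if not VALID_ID.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2010:10:00:01 +0000] "GET /cgi-bin/report.cgi?id=42 HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [10/Nov/2010:10:00:05 +0000] "GET /cgi-bin/report.cgi?id=999;%20or%20%27a%27=%27a HTTP/1.1" 500 0 "-" "-"',
    '192.0.2.12 - - [10/Nov/2010:10:00:09 +0000] "GET /index.html?id=x HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-numeric id {value!r}")
```

The same `VALID_ID` check can serve as an allow-list rule in a reverse proxy or WAF in front of report.cgi until the vendor ships a fix.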