Multiple XSS and SQL Injection in Links Manager

Summary

Vulnerability
Multiple XSS and SQL Injection in Links Manager
Discovered
2006.08.21
Last Update
2006.08.31 Exploitation code published
ID
EV0136
CVE
CVE-2006-4327 CVE-2006-4328
Risk Level
medium
Type
Multiple Vulnerabilities
Status
Unpatched. No reply from developer(s)
Vendor
CloudNine Interactive (http://www.cloudnineinteractive.co.uk/)
Vulnerable Software
Links Manager (http://www.cloudnineinteractive.co.uk/stuffforyou.htm)
Version
2006-06-12
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple Vulnerabilities found in Links Manager (http://www.cloudnineinteractive.co.uk/stuffforyou.htm) script.

1. SQL Injection.

Vulnerable script: admin.php

Parameter nick is not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off


2. Cross-Site Scripting.

Vulnerable Script: add_url.php

Parameters title description keywords are not properly sanitized. This can be used to post arbitrary HTML or web script code. This code will be executed when administrator will visit control panel for link approval.

PoC/Exploit

1. SQL Injection Example.

URL: http://host/admin.php
username: aaa' union select 123/*
password: 123


2. Cross-Site Scripting Example.

URL: http://host/add_url.php?c=1
Title: [XSS]
Description: [XSS]
Keywords: [XSS]

Solution.

Solution for "Multiple XSS and SQL Injection in Links Manager" is not available. Check CloudNine Interactive website for updates.

Order Source Code Audit

Prevent hacker attacks by source code review of your site made by Aliaksandr Hartsuyeu.The work will be done by experts in web security.

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>