ssLinks 'links.php' SQL Injection Vulnerability

Vulnerability ID: 1193605
Vulnerability type: SQL injection
Published: 2006-09-06
Updated: 2006-09-13
CVE ID: CVE-2006-4598
CNNVD-ID: CNNVD-200609-057
Affected platform: N/A
CVSS score: 7.5
|Source
https://cxsecurity.com/issue/WLB-2006090033
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-057
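|Vulnerability details
Multiple SQL injection vulnerabilities exist in links.php in ssLinks 1.22. A remote attacker can execute arbitrary SQL commands via (1) the go parameter and (2) the id parameter in the rate action.
|Exploit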
Discovered by Sirdarckcat from elhacker.net

------------------------------------------------------------------------------------

ssLinks v1.22 Multiple SQL Injection Vulnerabilities

http://scripts.incutio.com/sslinks/

------------------------------------------------------------------------------------

SSLinks is a simple PHP Program for administrating WebSite links exchange, and administration, with a MySQL database.

It suffers from multiple SQL Injection Vulnerabilities.

------------------------------------------------------------------------------------

SQL Injection, "go"

links.php:24-27 => global.inc.php:543-569

The variable $id is never cleaned, so in both the UPDATE and SELECT statements there is a SQL Injection Bug.

------------------------------------------------------------------------------------

SQL Injection, "rate"

links.php:48-51 => global.inc.php:514-549

The variable $id is never cleaned, so $id is exploitable in both the SELECT and UPDATE statements.

------------------------------------------------------------------------------------

Att.

SirDarckCat

elhacker.net
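
Added example (not part of the advisory and not ssLinks code): a handler shaped like the ones described above, one SELECT and one UPDATE keyed on a request-supplied id, with the id validated as an integer and passed as a bound parameter. The table, column and function names are hypothetical, and an in-memory SQLite database through PDO stands in for MySQL so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; the advisory does not show ssLinks' real tables.
function openDemoDb(): PDO
{
    // In-memory SQLite so the example runs offline; for MySQL only the DSN changes.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT, hits INTEGER DEFAULT 0)');
    $pdo->exec("INSERT INTO links (id, url) VALUES (1, 'http://example.com/')"); // constructed row
    return $pdo;
}

// Accept only a positive decimal integer; anything else is rejected before any SQL runs.
function parseLinkId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// One SELECT and one UPDATE, both keyed on the request-supplied id.
function recordHit(PDO $pdo, $rawId): ?string
{
    $id = parseLinkId($rawId);
    if ($id === null) {
        return null; // malformed id: no query is issued
    }
    // The id travels as a bound parameter and is never concatenated into the SQL text.
    $select = $pdo->prepare('SELECT url FROM links WHERE id = :id');
    $select->bindValue(':id', $id, PDO::PARAM_INT);
    $select->execute();
    $url = $select->fetchColumn();
    if ($url === false) {
        return null; // well-formed id, but no such link
    }
    $update = $pdo->prepare('UPDATE links SET hits = hits + 1 WHERE id = :id');
    $update->bindValue(':id', $id, PDO::PARAM_INT);
    $update->execute();
    return $url;
}

$pdo = openDemoDb();
foreach (['1', '1abc', '', '999'] as $raw) { // constructed inputs
    var_dump(recordHit($pdo, $raw));
}
```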
|References

Source: BID
Name: 19815
Link: http://www.securityfocus.com/bid/19815
Source: BUGTRAQ
Name: 20060902 ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/445009/100/0/threaded
Source: VUPEN
Name: ADV-2006-3443
Link: http://www.frsirt.com/english/advisories/2006/3443
Source: SECUNIA
Name: 21736
Link: http://secunia.com/advisories/21736
Source: BUGTRAQ
Name: 20060928 Re: ssLinks <=v1.22 Multiple SQL Injection Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/447319/100/0/threaded
Source: SREASON
Name: 1505
Link: http://securityreason.com/securityalert/1505