by r0t,der4444,cembo,VietMafia

Tuesday, December 13, 2005

Link Up Gold vuln.


Vuln. discovered by: r0t
Date: 13 Dec. 2005
Affected version: 2.5 and prior

Product Description:

A unique script for running your own linksite/search engine. Hundreds of advanced features: Unlimited number of categories in an unlimited number of levels, aliases@ for categories (cross-linked directories, the same feature that big search engines like Yahoo or Dmoz have), unlimited number of links and articles, fully featured paid links (advertisers can pay by using any payment company, also PayPal IPN supported), rating system, fully customizable pages by using templates (all public pages are editable in any HTML editor), multiple skins (15 styles bundled with the software), blacklist, multiple administrators with different rights, integrated poll, ability to count incoming and outgoing hits, user registration, mailing lists, reviews for links and articles, message board and many more. Links and articles may be sorted by title, popularity, incoming hits, date added etc. Pages are dynamic (php extension), also a plugin to create static html files or use Apache Rewrite is available.

Vuln. Description:

1. SQL
Link Up Gold contains a flaw that allows remote SQL injection attacks. Input passed to the "number" parameter in "poll.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2. XSS
Link Up Gold contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "link", "direction", "sort" and "phrase[]" parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.







Edit the source code to ensure that input is properly sanitised.
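
A sketch of what that fix can look like for the parameters named above, as an added example that is not code from the advisory or from Link Up Gold. The table and column names, the allowlist values and the helper names are assumptions; the demo uses an in-memory SQLite database (pdo_sqlite) and constructed request values.

```php
<?php
declare(strict_types=1);
// Hypothetical schema and values: the advisory does not show Link Up Gold's own.
const SORT_FIELDS = ['title', 'popularity', 'hits', 'date'];  // assumed allowlist
const DIRECTIONS  = ['asc', 'desc'];                          // assumed allowlist

// "number" must parse as a positive integer; anything else (arrays, text) is rejected.
function pollNumber(array $get): ?int {
    $n = filter_var($get['number'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

// The value is bound as a typed parameter, never concatenated into the SQL text.
function loadPoll(PDO $db, int $number): ?array {
    $stmt = $db->prepare('SELECT id, question FROM polls WHERE id = :id');
    $stmt->bindValue(':id', $number, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// "sort" and "direction" can only be one of a few keywords: use an allowlist.
function pick($value, array $allowed, string $default): string {
    return is_string($value) && in_array($value, $allowed, true) ? $value : $default;
}

// Free text such as "link" and "phrase[]" is HTML-encoded where it is written out.
function e($value): string {
    return htmlspecialchars(is_string($value) ? $value : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data: one well-formed request and one malformed request.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE polls (id INTEGER PRIMARY KEY, question TEXT)");
$db->exec("INSERT INTO polls VALUES (1, 'Favourite category?')");
$requests = [
    ['number' => '1',  'sort' => 'title', 'direction' => 'desc', 'phrase' => ['links']],
    ['number' => "1'", 'sort' => '<b>',   'direction' => 'x',    'phrase' => ['<i>"q"</i>']],
];
foreach ($requests as $get) {
    $n = pollNumber($get);
    $poll = $n === null ? null : loadPoll($db, $n);
    printf("poll=%s sort=%s dir=%s phrase=%s\n",
        $poll === null ? 'rejected' : e($poll['question']),
        pick($get['sort'] ?? null, SORT_FIELDS, 'title'),
        pick($get['direction'] ?? null, DIRECTIONS, 'asc'),
        implode(',', array_map('e', (array) ($get['phrase'] ?? []))));
}
```

The second request is refused before any query runs, its sort and direction fall back to the defaults, and its phrase is printed with the markup characters encoded.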



Copyright (c) 2006 Pridels Sec Crew