addalink <= 4 Write Approved Links Remote Vulnerability

ID EDB-ID:6482
Type exploitdb
Reporter Pepelux
Modified 2008-09-17T00:00:00


addalink <= 4 Write Approved Links Remote Vulnerability. CVE-2008-4146. Webapps exploit for php platform

addalink &lt;= 4 - beta / Write approved links without a previous moderation by the admin

$ Program: addalink
$ Version: &lt;= 4 - beta
$ File affected: add_link.php
$ Download:

Found by Pepelux &lt;pepelux[at];
eNYe-Sec -

Linklist is a miniwebsite that you can use in your webpage. Basically it 
manages a database of links using PHP+MySQL. Users can send links (url, 
description, etc) by a form and one admin has to approve or delete the 
links before the publication in the website.

One not very important problem is that add_link.php doesn't test the 
method used (GET or POST). But the real problem is the method to insert 
some values. 

Reading the code you can see the SQL sentence:

INSERT INTO $linktable VALUES('0','$url','$linkname','$approved=0','$email',

It asign values to approved and counter directly in the SQL sentence. For that,
you can enter links approved without moderation writing this:


Also you can alter the counter of visits if you add &counter=XXXX to the GET

-= Solution =-

$approved = 0;
$counter = 0;

INSERT INTO $linktable VALUES('0','$url','$linkname','$approved','$email',

# [2008-09-17]