Discovered by Sirdarckcat from <a href="http://elhacker.net">elhacker.net</a><br>------------------------------------------------------------------------------------<br><br>ssLinks v1.22 Multiple SQL Injection Vulnerabilities
<br><a href="http://scripts.incutio.com/sslinks/">http://scripts.incutio.com/sslinks/</a><br><br>------------------------------------------------------------------------------------<br><br>SSLinks is a simple PHP Program for administrating
<br>WebSite links exchange, and administration, with a<br>MySql database.<br><br>It suffers of multiple SQL Injection Vulnerabilities.<br><br>------------------------------------------------------------------------------------
<br><br>SQL Injection, &quot;go&quot;<br><span style="white-space: pre;">        </span><span style="white-space: pre;">        </span>links.php:24-27 =&gt; global.inc.php:543-569<br><span style="white-space: pre;">        </span>The variable $id is never cleaned, so in both, UPDATE and SELECT statements, is a SQL Injection Bug.
<br><span style="white-space: pre;">        </span><br>------------------------------------------------------------------------------------<br><br>SQL Injection, &quot;rate&quot;<br><span style="white-space: pre;">        </span><span style="white-space: pre;">
        </span>links.php:48-51 =&gt; global.inc.php:514-549<br><span style="white-space: pre;">        </span>The variable $id is never cleaned, so $id is exploitable, in both, the SELECT and UPDATE statements.<br><span style="white-space: pre;">
        </span><br>------------------------------------------------------------------------------------<br><br>Att.<br>SirDarckCat<br><a href="http://elhacker.net">elhacker.net</a>