LinkPal Vulnerabilities Result in SQL Injections and Cross Site Scripting

It provides me with a great amount of satisfaction to be able to bring you the latest and up to date computer security vulnerability news. I would like to bring to your attention the factor that various vulnerabilities have been reported in LinkPal, which may prove problematic futuristically.

First things first, let me enlighten you as to exactly what LinkPal is. LinkPal is an effective and easy to use web application, that allows its user to take their favorite links anywhere. All you need in order to get to your links is a computer and internet access. This application is geared for all those internet users, who get irritated by constantly clicking on "favorites" and waiting. LinkPal is compatible with a majority of internet browsers, with the inclusion of Internet Explorer 6. Some of the files of Internet Explorer 6 include but are not limited to the following:CRMFT_COMPENSATOR.DLL, CREATLOG.BAT, creatfil.exe, CREATE.BAT as well as CRASHTST.SYS.

One vulnerability that has been reported refers to an error when logging in from the login page.z_admin_login.asp, it is not adequately sanitized prior to being used in SQL queries. This error may of course be exploited to manipulate SQL, this occurs through the injection of arbitrary SQL code. If this vulnerability is exploited with vast degrees of success, then it will result in malicious characters being able to bypass the login functionality with precision and ease.

The second vulnerability relates to an error which occurs when input is passed on the parameter of the page, in some scripts. The one script, z_loginfailed.asp, z_admin_login.asp, and z_forgot.asp are not correctly sanitized, before it has been returned to the direct user. The exploitation of this vulnerability will result in malicious characters being able to execute arbitrary HTML and script code in the browsing session of a user, with regards to an affected site.

Table 1. The impact of the LinkPal vulnerabilities

These vulnerabilities have been rated as moderately critical. You are probably all wondering what the solution to these dangerous vulnerabilities are? The solution is for all users to actually go as far as filtering the malicious characters as well as the character sequences by using a proxy. This shall rectify the problem and ensure a safer and more enjoyable LinkPal experience.