CVE-2009-0431

LinksPro Standard Edition - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0431. PoCs published by Pouya_Server.

AI-analyzed exploit summary The provided code is a writeup describing an SQL injection vulnerability in LinksPro. It outlines the vulnerability and provides a URL example demonstrating how an attacker could exploit it by injecting SQL commands via the OrderDirection parameter.

Description

SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Pouya_Server · textwebappsasp

https://www.exploit-db.com/exploits/32729

View Code ZIP pw:eip

The provided code is a writeup describing an SQL injection vulnerability in LinksPro. It outlines the vulnerability and provides a URL example demonstrating how an attacker could exploit it by injecting SQL commands via the OrderDirection parameter.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: LinksPro (version not specified)

No auth needed

Prerequisites: Access to the vulnerable LinksPro application

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0901-exploits/linkspro-sql.txt

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33305

Scores

EPSS 0.0189

EPSS Percentile 76.8%

Details

CWE

CWE-89

Status published

Products (1)

codefixer/linkspro _nil_ _nil_

Published Feb 05, 2009

Tracked Since Feb 18, 2026