MyPHPSoft MyPHPLinks SQL Injection Administrative Authentication Bypass Vulnerability


Vulnerability ID: 1107131
Vulnerability type: SQL injection
Published: 2002-12-14
Updated: 2002-12-31
CVE ID: CVE-2002-2304
CNNVD-ID: CNNVD-200212-719
Platform: PHP
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/22088
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-719
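|Vulnerability details
MyPHPLinks is an open-source PHP application developed and maintained by MyPHPSoft; it runs on Unix, Linux and Windows. The checksession.php script in MyPHPLinks does not properly check the idsession variable, and a remote attacker can exploit this to bypass authentication and access the administrative interface without a password. checksession.php bases its check of the user's privileges on the idsession variable. Because the user-supplied idsession value is not adequately filtered, an attacker can supply a value such as "=" for the script to evaluate, which modifies the SQL query, bypasses authentication and gives unauthorized access to the administrator interface.
|Exploit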
source: http://www.securityfocus.com/bid/6395/info

MyPHPLinks is a freely available, open source PHP application distributed by MyPHPSoft. It is available for Unix, Linux, and Microsoft Windows operating systems.

It has been reported that a problem with the checking of input by MyPHPLinks exists. A problem in the checking of the idsession variable used by MyPHPLinks to verify Administrator access may allow a remote user to gain access to the host. This problem could allow an attacker to gain administrator access to the MyPHPLinks section of a web site.

http://www.example.com/admin/index.php?idsession='%20OR%20''='
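
The flaw described above, as an added example that is not MyPHPLinks code: a session lookup that concatenates idsession into the query, beside one that binds it as a parameter. The admin_sessions table, its columns, the 12-hex-digit session format and both function names are assumptions, and the sample row is constructed.

```php
<?php
// Added illustration. Table, column and function names are assumptions,
// not taken from MyPHPLinks' checksession.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE admin_sessions (idsession TEXT PRIMARY KEY, login TEXT)");
// Constructed sample row standing in for one logged-in administrator.
$pdo->exec("INSERT INTO admin_sessions VALUES ('9f2c1e7a44d0', 'admin')");

// Vulnerable pattern: the request value becomes part of the SQL text,
// so quote characters in it change the structure of the WHERE clause.
function isAdminConcat(PDO $pdo, string $idsession): bool
{
    $sql = "SELECT COUNT(*) FROM admin_sessions WHERE idsession = '" . $idsession . "'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// Hardened: reject anything that is not in the assumed session-id format,
// then pass the value as a bound parameter so it is only ever compared as data.
function isAdminBound(PDO $pdo, string $idsession): bool
{
    if (!preg_match('/\A[0-9a-f]{12}\z/', $idsession)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM admin_sessions WHERE idsession = ?');
    $stmt->execute([$idsession]);
    return (int) $stmt->fetchColumn() > 0;
}

$inputs = [
    'valid session'               => '9f2c1e7a44d0',
    'unknown session'             => '000000000000',
    'value from the advisory URL' => "' OR ''='",
];
foreach ($inputs as $label => $value) {
    printf("%-28s concat=%s bound=%s\n", $label,
        var_export(isAdminConcat($pdo, $value), true),
        var_export(isAdminBound($pdo, $value), true));
}
```

Run from the command line with a PHP build that has the pdo_sqlite extension. Only the concatenating lookup accepts the value from the advisory URL, because the resulting WHERE clause is true for every row.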
|References

Source: XF
Name: myphplinks-index-sql-injection(10864)
Link: http://xforce.iss.net/xforce/xfdb/10864
Source: BID
Name: 6395
Link: http://www.securityfocus.com/bid/6395
Source: BUGTRAQ
Name: 20021214 MyPHPLinks (PHP): SQL Injection
Link: http://archives.neohapsis.com/archives/bugtraq/2002-12/0134.html
Source: NSFOCUS
Name: 4061
Link: http://www.nsfocus.net/vulndb/4061
