Some people have reported a SQL injection vulnerability in the jLinks r.php and ws.php files.
<?php $_REQUEST["option"]="com_jlinks";$_REQUEST["controller"]="redirect";$_REQUEST["link"]=$_REQUEST["l"];include("index.php");
We want to inform everyone that this is NOT a SQL injection, and here is why.
First, all this file does is perform a soft redirect with a shorter URL.

Anyone with some PHP knowledge will realize that:

- $_REQUEST["option"]="com_jlinks"; is a hard-coded string. There is no variable here, so no injection.
- $_REQUEST["controller"]="redirect"; is a hard-coded string. There is no variable here, so no injection.
- $_REQUEST["link"]=$_REQUEST["l"]; simply takes the value of one $_REQUEST entry and puts it into another one, again to keep the URL simple.

All variables (option, controller, redirect) ARE filtered afterward, when they are read and used.
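The following is an added example, not jLinks or Joomla code, showing why the copy in r.php is not itself the injection point: the value stays untrusted until it is validated where it is read and bound as a parameter where it is used. The function names, the `links` table, the integer-id format assumed for `link`, and the sample inputs are all hypothetical; the script assumes the pdo_sqlite extension.

```php
<?php
// Added example, not jLinks code. Function names, table layout and the
// integer-id assumption for "link" are hypothetical.

// Same assignments as r.php: two constants and one copied value.
function shim(array $request): array
{
    $request['option'] = 'com_jlinks';
    $request['controller'] = 'redirect';
    $request['link'] = $request['l'] ?? null;   // still untrusted here
    return $request;
}

// Filtering happens where the value is read, not where it is copied.
function read_link_id(array $request): ?int
{
    $id = filter_var($request['link'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The sink: the value is bound as a parameter, never concatenated.
function lookup_target(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT url FROM links WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $url = $stmt->fetchColumn();
    return $url === false ? null : $url;
}

// Constructed in-memory data so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, url TEXT)');
$db->exec("INSERT INTO links VALUES (1, 'https://example.com/a'), (2, 'https://example.com/b')");

// Constructed values for the "l" parameter: one valid id, three malformed.
foreach (['2', '1 OR 1=1', "2'--", ''] as $l) {
    $request = shim(['l' => $l]);
    $id = read_link_id($request);
    $target = $id === null ? null : lookup_target($db, $id);
    printf("l=%-12s id=%-5s target=%s\n",
        var_export($l, true), var_export($id, true), $target ?? '(rejected)');
}
```

When reviewing a scanner finding like this one, the thing to confirm is that every reader of `link` goes through a check of this kind; the shim alone neither creates nor prevents an injection.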
The reason why a crawler or other people might say that it is...