2daybiz B2B Portal Script Sql Injection

vendor:

B2B Portal Script

by:

r45c4l

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: B2B Portal Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: 2daybiz:b2bportal_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

2daybiz B2B Portal Script Sql Injection

An attacker can exploit a SQL injection vulnerability in the 2daybiz B2B Portal Script by sending malicious SQL queries to the vulnerable parameter 'cat_id' in the URL 'www.site.com/products/business2business/selling_buy_leads1.php?cat_id=[SQLI]'. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title:   2daybiz B2B Portal Script Sql Injection
# Date: 25/06/2010
# Author: r45c4l
# Email: r45c4l[at]hotmail[dot]com
# Site : www.garage4hackers.com 
# Script url: http://www.2daybiz.com/b2bportal_script.html
# Version: N/A
# Tested on: Windows
# CVE : ()
 
:::::::::::::::::::::::::
 
:::::::::::::::::::::::::
 
=================Exploit======
                                    ---Indian Cyber warriors---

 
[ EXPL0!T ]

  SQL Injection
 
 p0c - www.site.com/products/business2business/selling_buy_leads1.php?cat_id=[SQLI]


===========================================================
 
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Sandeep, Th3 RDX,

	    Vaibhav, All members of ICW and Hackers Garage, and all Indian Hackers 

Greetz to: Lucky and Atul and team ICA

PROUD TO BE AN INDIAN

c0d3 for motherland, h4ck for motherland

Special Greetz to : www.hack0wn.com    www.exploits-db.com   www.inj3ct0r.com
 
=== End () ====