header-logo
Suggest Exploit
vendor:
Bs Home_Classifieds Script
by:
Sid3^effects aKa HaRi
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Bs Home_Classifieds Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Bs Home_Classifieds Script Sqli Vulnerability

BrotherScripts.com offers a real estate classifieds software which allows home buyers to browse and search available properties. Agents can also list their properties. After a new seller has registered, they are able to select and buy a package depending on how many offers they would like to to post and for the length of time they would like to post them. Payments can be done via PayPal or 2Checkout. The vulnerability is a SQL injection which can be exploited by sending malicious SQL queries to the vulnerable web application. The vulnerable URLs are http://server/Home_Classifieds/search.php?c=[sqli] and http://server/Home_Classifieds/articlesdetails.php?id=[sqli].

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :   Bs Home_Classifieds Script Sqli Vulnerability
Date : july 5,2010
Critical Level 	: HIGH
vendor URL :http://www.brotherscripts.com/
Price:$24.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description : 
Make your own real estate classifieds website with BrotherScripts.com. We are offering a well-built real estate classifieds software (with nice easy editable templates) which allows home buyers to browse and search available properties. The property listings are highly detailed with features, photos, agent/individual information and driving directions linked to MapQuest.
Agents can also list their properties. After a new seller has registered, they are able to select and buy a package depending on how many offers they would like to to post and for the length of time they would like to post them. Payments can be done via PayPal or 2Checkout. Look through the features below to check out more.

#######################################################################################################
Xploit :SQli Vulnerability

DEMO URL 1:http://server/Home_Classifieds/search.php?c=[sqli]

DEMO URL 2:http://server/Home_Classifieds/articlesdetails.php?id=[sqli]

###############################################################################################################
# 0day no more 
# Sid3^effects

Navigation

Suggest Exploit

Services By CQR