Vendor: BS Script Directory
By: k4k4shi
CVSS: 7.5 (HIGH)
SQL injection
CWE: 89
Product Name: BS Script Directory
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

BS Script Directory (articlesdetails) remote SQL injection vulnerability

The vulnerability allows an attacker to execute SQL commands on the database through the 'id' parameter in the 'articlesdetails.php' script.

Mitigation:

The vendor should sanitize and validate user input to prevent SQL injection attacks. Users are advised to update to the latest version of the software.
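
One way to implement the input validation this mitigation calls for, as an added example that is not the vendor's code and not part of the original advisory: the 'id' value is accepted only as a positive integer and is then passed to the database as a bound parameter. The articles table, its columns, the function names and the in-memory SQLite database are assumptions, chosen so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the real BS Script Directory tables are not shown on the page.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:'); // in-memory stand-in for the site's database
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $pdo->exec("INSERT INTO articles (id, title, body) VALUES (1, 'Hello', 'First article')");
    return $pdo;
}

// Allow-list validation: digits only, no leading zeros, within 1..2^31-1.
// Arrays (articlesdetails.php?id[]=1) and missing values are rejected too.
function parseArticleId($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $range = ['options' => ['min_range' => 1, 'max_range' => 2147483647]];
    $id = filter_var($raw, FILTER_VALIDATE_INT, $range);
    return $id === false ? null : $id;
}

// The id is bound as an integer, so it never becomes part of the SQL text.
function fetchArticle(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns [HTTP status, body]; $query stands in for $_GET.
function handleRequest(PDO $pdo, array $query): array
{
    $id = parseArticleId($query['id'] ?? null);
    if ($id === null) {
        return [400, 'Invalid article id'];
    }
    $article = fetchArticle($pdo, $id);
    return $article === null
        ? [404, 'Article not found']
        : [200, htmlspecialchars($article['title'], ENT_QUOTES, 'UTF-8')];
}

$pdo = openDemoDb();
foreach (['1', '2', '1 OR 1=1', '007', ['1']] as $raw) { // constructed inputs
    [$status, $body] = handleRequest($pdo, ['id' => $raw]);
    printf("id=%s -> %d %s\n", json_encode($raw), $status, $body);
}
```

With a MySQL backend, also set PDO::ATTR_EMULATE_PREPARES to false so the driver uses server-side prepared statements.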

Exploit-DB raw data:

################################################################# 
# Exploit Title: BS Script Directory (articlesdetails) remote SQL injection vulnerability
# Date: 16th July 2010
# Author: k4k4shi
# Critical: high
# Contact: lvy[at]live[dot]de
Price : 24.95 $
# Software Link: http://www.brotherscripts.com/
Shoutz to : http://ahbab-dz.com/fun and all members
############################################################################## 

Exploit : 

http://www.site.com/[path]/articlesdetails.php?id=[sqli] 

 
################################################################################## 

Gretz to : IsL@mDZnEt , mca-crb , jago-dz , lagripe-dz , mr-adel & algeriannes