BS Script Directory remote SQL injection vulnerability - exploit.company
vendor: BS Script Directory
by: D4rk357
CVSS: 7.5 HIGH
SQL injection
CWE: 89
Product Name: BS Script Directory
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

BS Script Directory remote SQL injection vulnerability

BS Script Directory is vulnerable to remote SQL injection through the 'id' parameter of 'info.php'. By manipulating this parameter, an attacker can inject malicious SQL queries and potentially gain unauthorized access to the database.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, keeping the software up to date with the latest patches and security updates can help prevent exploitation.
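
The mitigation above, sketched as an added example (not code from BS Script Directory or from the advisory): an `info.php`-style handler that validates `id` as a positive integer and then binds it as a typed parameter. The `scripts` table, its columns, the sample rows and the function names are assumptions, since the page does not show the application's schema or source.

```php
<?php
// Added example: hardened lookup for an info.php-style "id" parameter.
// The table "scripts" and its columns are assumptions; the page does not
// show the application's schema or source.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // Constructed in-memory data so the example runs offline.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE scripts (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO scripts (id, title) VALUES (1, 'Guestbook'), (2, 'Poll')");
    return $pdo;
}

// Validate: accept only a positive decimal integer, reject everything else.
function parse_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (id[]=...) and missing values are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query: the value is bound as a typed parameter and never concatenated
// into the SQL text, so it cannot change the statement's structure.
function find_script(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, title FROM scripts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = open_demo_db();
// Constructed inputs: one valid id, one unknown id, two malformed values.
foreach (['2', '99', '2 OR 1=1', "1'"] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        echo "id=" . json_encode($raw) . " -> 400 rejected\n";
        continue;
    }
    $row = find_script($pdo, $id);
    echo "id=" . json_encode($raw) . ' -> ' . ($row ? $row['title'] : '404 not found') . "\n";
}
```

Validation and binding are independent layers: the bound parameter alone keeps input out of the SQL text, and the integer check lets the handler return a clean error instead of running a query on malformed input.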

Exploit-DB raw data:

#################################################################
# Exploit Title: BS Script Directory remote SQL injection vulnerability 

# Date: 15th july 2010

# Author: D4rk357

#Critical:high

#contact:d4rk357[at]yahoo[dot]in

Price : 24.95 $

# Software Link:http://www.brotherscripts.com/product_info.php?products_id=454
 
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant

Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
 
##############################################################################
Exploit url :
http://www.site.com/Scripts_Directory/info.php?id=[sqli]

 ##################################################################################
 #D4rk357