Vendor: City Directory Review and Rating Script
By: 3spi0n
CVSS: 8,8 HIGH
Type: SQL Injection [MySQLi]
CWE: 89
Product Name: City Directory Review and Rating Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 12.10, Win7
2012

City Directory Review and Rating Script SQL Injection

City Directory Review and Rating Script is vulnerable to SQL injection. The vulnerability exists in the 'search.php' page, where user-supplied input is not properly sanitized before being used in a SQL query; the raw advisory below reports it at 'search.php?category=6'. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in an unsafe manner. Parameterized queries should be used to prevent SQL injection attacks.
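
One way to apply both recommendations to a numeric parameter such as 'category' in 'search.php', as an added example that is not the vendor's code or part of the original advisory. The table and column names, database account, schema name and the DB_PASS environment variable are assumptions, and PHP 8 with mysqlnd is assumed:

```php
<?php
declare(strict_types=1);
// Added example: validate the id, then bind it in a prepared statement.
// Hypothetical names: listings, id, title, category_id, app_ro, city_reviewer.
// Unsafe pattern this replaces: "... WHERE category_id = " . $_GET['category']

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // raise exceptions on DB errors

/** Accept only a positive integer in a bounded range; null means "reject". */
function parse_category_id(mixed $raw): ?int
{
    if (!is_string($raw)) {            // rejects missing values and ?category[]=6
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 1000000],
    ]);
    return $id === false ? null : $id;
}

/** The value travels as a bound parameter, never as part of the SQL text. */
function find_listings(mysqli $db, int $categoryId): array
{
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE category_id = ? LIMIT 50');
    $stmt->bind_param('i', $categoryId);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$categoryId = parse_category_id($_GET['category'] ?? null);
if ($categoryId === null) {
    http_response_code(400);           // fail closed, no SQL is run
    exit('Invalid category');
}

$db = new mysqli('localhost', 'app_ro', getenv('DB_PASS') ?: '', 'city_reviewer');
$db->set_charset('utf8mb4');

foreach (find_listings($db, $categoryId) as $row) {
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

Connecting with a read-only database account limits what a missed injection point elsewhere in the application could change.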

Exploit-DB raw data:

# Exploit Title: City Directory Review and Rating Script SQL Injection Vulnerability
# Date: 22.12.2012
# Author: 3spi0n
# Script Vendor or Software Link:
http://b-scripts.com/en/18-city-reviewer-yelp-clone.html
# Category: WebApps
# Type: SQL Injection [MySQLi]
# Tested On: Ubuntu 12.10 - Win7

=================================================
# Demo: http://b-scripts.com/demo/city_reviewer/

# MySQLi Detected On:
http://server/city_reviewer/search.php?category=6


=================================================

# My Blog: www.Ryuzaki.in
# Social : Twitter.com/bariiiscan
# My Team: Grayhatz Inc. & Agedz Corp.
# Turkey.