iScripts easybiller v1.1 sqli vulnerability

vendor:

EasyBiller

by:

Sid3^effects

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: EasyBiller

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:iscripts:easybiller

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

iScripts easybiller v1.1 sqli vulnerability

iScripts EasyBiller billing software is an easy way to automate and manage your businesses. iScripts EasyBiller, combined with an integrated helpdesk delivers a powerful, easy-to-use, integrated business solution. SQL injection is found in the easybiller script V1.1. The exploit can be found at http://[url]/easybiller/demo/viewhistorydetail.php?planid=[Sqli].

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Title:iScripts easybiller v1.1 sqli vulnerability
# Author: Sid3^effects 
# Published: 2010-06-05  
# price:$147
# email:shell_c99@yahoo.com 
# vendor: iScripts
# url : http://www.iscripts.com/easybiller/
# google dork : Powered by iScripts EasyBiller

############################################################################

        ooooo  .oooooo.  oooooo   oooooo     oooo  

        `888' d8P'  `Y8b  `888.    `888.     .8'  

         888 888           `888.   .8888.   .8'  

         888 888            `888  .8'`888. .8'  

         888 888             `888.8'  `888.8'   

         888 `88b    ooo      `888'    `888'  

        o888o `Y8bood8P'       `8'      `8'     

                                           
--------------------------------------------------------------------------------------  

#####################Sid3^effects aKa HaRi##################################  

#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]  

#Thanks:*L0rd ÇrusAdêr*,d4rk-blu?®,R45C4L,CR4C|< 008,M4n0j,MaYuR  

#ShouTZ:kedar,dec0d3r,41.w4r10r

#spl shoutz:LiquidWorm,gunslinger_ :D       

#Catch us at www.andhrahackers.com or www.teamicw.in  

############################################################################  
Description : 
 
iScripts EasyBiller billing software is an easy way to automate and manage your businesses. iScripts EasyBiller, combined with an integrated helpdesk delivers a powerful, easy-to-use, integrated business solution.

############################################################################  

Sql injection is found in the easybiller script V1.1

Xploit :\m/  sqli \m/


   demo:http://[url]/easybiller/demo/viewhistorydetail.php?planid=[Sqli]

          
############################################################################  

#Sid3^effects