Scripts Feed Business Directory SQL Injection Vulnerability

vendor:

Business Directory

by:

Crux

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Business Directory

Affected Version From: ALL

Affected Version To: ALL

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Scripts Feed Business Directory SQL Injection Vulnerability

This vulnerability affects login.php, where the POST variables 'us' and 'ps' are vulnerable. An attacker can inject malicious SQL code into the 'us' and 'ps' variables to gain access to the system.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

==============================================================================
    [~] Scripts Feed Business Directory SQL Injection Vulnerability
==============================================================================
    [+] My home          [ http://hack-tech.com ]
    [+] Date Submitted:  [ February 27 2010 ]
    [+] Founder:         [ Crux ]
    [+] Vendor:          [ Scriptsfeed ]
    [+] Version:         [ ALL ]
    [+] Download:        [ http://www.scriptsfeed.com/business-directory.html ]


[ EXPLOIT ]
- This vulnerability affects login.php
-The POST variables 'us' and 'ps' are vulnerable.

[ ATTACK DETAILS ]
us=user&ps=${SQLINJECTIONHERE}&s1=LOGIN

==============================================================================