Scripts Feed Business Directory SQL Injection Vulnerability

2010-02-27T00:00:00
ID EDB-ID:11592
Type exploitdb
Reporter Crux
Modified 2010-02-27T00:00:00

Description

Scripts Feed Business Directory SQL Injection Vulnerability. CVE-2010-1092. Webapps exploit for php platform

                                        
                                            ==============================================================================
    [~] Scripts Feed Business Directory SQL Injection Vulnerability
==============================================================================
    [+] My home          [ http://hack-tech.com ]
    [+] Date Submitted:  [ February 27 2010 ]
    [+] Founder:         [ Crux ]
    [+] Vendor:          [ Scriptsfeed ]
    [+] Version:         [ ALL ]
    [+] Download:        [ http://www.scriptsfeed.com/business-directory.html ]


[ EXPLOIT ]
- This vulnerability affects login.php
-The POST variables 'us' and 'ps' are vulnerable.

[ ATTACK DETAILS ]
us=user&ps=${SQLINJECTIONHERE}&s1=LOGIN

==============================================================================