Codebase Business Directory Pro 1.02 SQL Injection

2016-07-18T00:00:00
ID PACKETSTORM:137945
Type packetstorm
Reporter indoushka
Modified 2016-07-18T00:00:00

Description

                                        
                                            `========================================================================  
| # Title : codebase business directory pro 1.02 sql injection vulnerability  
| # Author : indoushka  
| # email : indoushka4ever@gmail.com  
| # Tested on : windows 8.1 FranASSais V.(Pro)  
| # Version : v1.02  
| # Vendor : http://dl.persianscript.ir/script/codebase-business-directory-pro-php-script1.02(PersianScript.ir).zip  
========================================================================  
  
Sql injection :  
  
http://codebasedev.com/directoryapp/demo/plugins/custom_fields/search.php?city_id=San%20Francisco&field_1=1&field_3[]=Breakfast&q=%40%40m419c&select_all=on&submit=1 (inject her)  
  
Login : /admin  
  
  
Greetz :   
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*  
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be *  
---------------------------------------------------------------------------------------------------------------  
`