iScripts Easybiller 1.1 SQL Injection

2010-06-07T00:00:00
ID PACKETSTORM:90328
Type packetstorm
Reporter Sid3 effects
Modified 2010-06-07T00:00:00

Description

                                        
`# Title: iScripts EasyBiller v1.1 SQLi vulnerability
# Author: Sid3^effects
# Published: 2010-06-05
# Price: $147
# Email: shell_c99@yahoo.com
# Vendor: iScripts
# URL: http://www.iscripts.com/easybiller/
# Google dork: Powered by iScripts EasyBiller
  
############################################################################  
  
  
#####################Sid3^effects aKa HaRi##################################   
  
#Greetz to all Andhra Hackers and ICW Members [Indian Cyber Warriors]
  
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L,CR4C|< 008,M4n0j,MaYuR   
  
#ShouTZ:kedar,dec0d3r,41.w4r10r  
  
#spl shoutz:LiquidWorm,gunslinger_ :D   
  
#Catch us at www.andhrahackers.com or www.teamicw.in   
  
############################################################################   
Description :   
  
iScripts EasyBiller billing software is an easy way to automate and manage your businesses. iScripts EasyBiller, combined with an integrated helpdesk delivers a powerful, easy-to-use, integrated business solution.  
  
############################################################################   
  
SQL injection is found in iScripts EasyBiller v1.1, in the planid parameter of viewhistorydetail.php.
  
Xploit :\m/ sqli \m/  
  
  
demo url: http://www.iscripts.com/easybiller/demo/viewhistorydetail.php?planid=[Sqli]
  
  
############################################################################   
  
#Sid3^effects
`