Advertisement






Codebase Business Directory Pro 1.02 SQL Injection

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2016-07-19
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016070140

Below is a copy:

Codebase Business Directory Pro 1.02 SQL Injection========================================================================
| # Title     : codebase business directory pro 1.02 sql injection vulnerability
| # Author    : indoushka
| # email     : [email protected]
| # Tested on : windows 8.1 FranASSais V.(Pro)
| # Version   : v1.02
| # Vendor    : http://dl.persianscript.ir/script/codebase-business-directory-pro-php-script1.02(PersianScript.ir).zip
========================================================================

Sql injection :

http://codebasedev.com/directoryapp/demo/plugins/custom_fields/search.php?city_id=San%20Francisco&field_1=1&field_3[]=Breakfast&q=%40%40m419c&select_all=on&submit=1 (inject her)

Login : /admin


Greetz : 
jericho  http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be *
---------------------------------------------------------------------------------------------------------------


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.