iScripts Easybiller 1.1 remote SQL injection

2010-06-07 / 2010-06-08
Credit: Sid3^effects
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2010-5034
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Title:iScripts easybiller v1.1 sqli vulnerability # Author: Sid3^effects # Published: 2010-06-05 # price:$147 # email:shell_c99@yahoo.com # vendor: iScripts # url : http://www.iscripts.com/easybiller/ # google dork : Powered by iScripts EasyBiller ############### ###Sid3^effects aKa HaRi#### #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] #Thanks:*L0rd rusAd&#234;r*,d4rk-blu&#65533;reg;,R45C4L,CR4C|< 008,M4n0j,MaYuR #ShouTZ:kedar,dec0d3r,41.w4r10r #spl shoutz:LiquidWorm,gunslinger_ :D #Catch us at www.andhrahackers.com or www.teamicw.in ############### Description : iScripts EasyBiller billing software is an easy way to automate and manage your businesses. iScripts EasyBiller, combined with an integrated helpdesk delivers a powerful, easy-to-use, integrated business solution. ############### Sql injection is found in the easybiller script V1.1 Xploit :m/ sqli m/ demo url:http://www.iscripts.com/easybiller/demo/viewhistorydetail.php?planid=[Sqli] ############### #Sid3^effects

References:

http://xforce.iss.net/xforce/xfdb/59150
http://www.vupen.com/english/advisories/2010/1359
http://www.exploit-db.com/exploits/13741/
http://secunia.com/advisories/40088
http://packetstormsecurity.org/1006-exploits/iscriptseasybiller-sql.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top