Scripts Feed Business Directory - SQL Injection

EDB-ID:

11592

Author:

Crux

Type:

webapps

Platform:

PHP

Published:

2010-02-27

==============================================================================
    [~] Scripts Feed Business Directory SQL Injection Vulnerability
==============================================================================
    [+] My home          [ http://hack-tech.com ]
    [+] Date Submitted:  [ February 27 2010 ]
    [+] Founder:         [ Crux ]
    [+] Vendor:          [ Scriptsfeed ]
    [+] Version:         [ ALL ]
    [+] Download:        [ http://www.scriptsfeed.com/business-directory.html ]


[ EXPLOIT ]
- This vulnerability affects login.php
-The POST variables 'us' and 'ps' are vulnerable.

[ ATTACK DETAILS ]
us=user&ps=${SQLINJECTIONHERE}&s1=LOGIN

==============================================================================