Codebase Business Directory Pro version 1.02 suffers from a remote SQL injection vulnerability.
d15c4152eaa5d4990211755c774ff35fbdb0b2fd2cad240e48272350019245f4
========================================================================
| # Title : codebase business directory pro 1.02 sql injection vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : windows 8.1 FranASSais V.(Pro)
| # Version : v1.02
| # Vendor : http://dl.persianscript.ir/script/codebase-business-directory-pro-php-script1.02(PersianScript.ir).zip
========================================================================
Sql injection :
http://codebasedev.com/directoryapp/demo/plugins/custom_fields/search.php?city_id=San%20Francisco&field_1=1&field_3[]=Breakfast&q=%40%40m419c&select_all=on&submit=1 (inject her)
Login : /admin
Greetz :
jericho http://attrition.org & http://www.osvdb.org/ * http://packetstormsecurity.com * Larry W. Cashdollar*
Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be *
---------------------------------------------------------------------------------------------------------------