1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
Name :   Bs Events_Locator Script Sqli Vulnerability
Date : july 5,2010
Critical Level  : HIGH
vendor URL :http://www.brotherscripts.com/
Price:$24.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description :
BS Events Directory software allows users to browse and search for events. The listings are detailed with features, photos, descriptions, ratings, reviews, contact information and driving directions linked to MapQuest. Users can also open an account and save their favorite ads to an online account.
 
Users can also post their ads. After an user has registered, they are able to select and buy a package depending on the length of time they would like their listings to be displayed. Payment can be done via PayPal or 2Checkout and registration is automated. The user will receive a few emails - 10 days before his account will expire, 5 days, 1 day. 24 hours after his account expiration date, all his listings and his account will be deleted automatically.
#######################################################################################################
Xploit :SQli Vulnerability
 
DEMO URL 1:http://server/Events_Locator/search.php?c=[sqli]
 
###############################################################################################################
# 0day no more
# Sid3^effects