Today I am releasing my Specialist Bed and Breakfast Website SQL Injection Exploit (remote).
The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability JaMbA discovered on 30th June 2010. The exploit source code also contains the table structure of the vulnerable product.
About the vulnerability
Learn more about the vulnerability here.
– Check if provided URL is reachable
– Error handling for HTTP requests
– Display current database, MySQL user and the MySQL version
– Display the admin login data
– Easy to use (everything is simple and automated)
– User agent for HTTP requests
Written in Python (less than 400 lines).
python bed_and_breakfast_sploit.py -u "http://target/site/pages.php?fid=0,1,472&pp_id=84"
Only use this tool to check websites you are allowed to test (e.g. for penetration testing). Never use this tool on foreign websites! Know and respect your local laws! I am not responsible if you cause any damage or run into trouble. This tool was written for educational purposes only.