Exploit Database - Logo

SoftBiz FAQ 1.1 - refer_friend.php id Parameter SQL Injection

EDB-ID: 26675 Author: r0t Published: 2005-11-30
CVE: CVE-2005-3938 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/15653/info
  
Softbiz FAQ is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.
  
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
  
Softbiz FAQ 1.1 and prior versions are vulnerable; other versions may also be affected. 

http://www.example.com/refer_friend.php?id=[SQL]

Related Exploits

Trying to match CVEs (1): CVE-2005-3938
Trying to match OSVDBs (1): 21259
Other Possible E-DB Search Terms: SoftBiz FAQ 1.1,  SoftBiz FAQ
Date D V Title Author
2005-11-30Download Exploit Code Verified SoftBiz FAQ 1.1 - 'index.php' cid Parameter SQL Injectionr0t
2005-11-30Download Exploit Code Verified SoftBiz FAQ 1.1 - add_comment.php id Parameter SQL Injectionr0t
2005-11-30Download Exploit Code Verified SoftBiz FAQ 1.1 - faq_qanda.php id Parameter SQL Injectionr0t
2005-11-30Download Exploit Code Verified SoftBiz FAQ 1.1 - print_article.php id Parameter SQL Injectionr0t
Menu