by r0t,der4444,cembo,VietMafia

Monday, November 28, 2005

Softbiz B2B trading Marketplace Script SQL inj.

Vuln. discovered by: r0t
Date: 28 Nov. 2005
Affected version: 1.1 and prior

Product Description:
Our B2B trading Marketplace Script is a wonderful solution to launch your own global trading site like well known Just perfect to launch your own top quality trading portal. It is a COMPLETE SCRIPT with quality features like Product Catalog, Company profiles, Sell Offers, Buy Offers, Complete internal messaging, Three membership levels : Gold, Silver and Bronze.

Vuln. description:
Input passed to the "cid" parameter in "selloffers.php", "buyoffers.php", "products.php" and "profiles.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Edit the source code to ensure that input is properly sanitised.
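
One way to apply this fix to the "cid" parameter, as an added example that is not the vendor's code or part of the original advisory: validate the value as a positive integer, then bind it in a prepared statement. The `sell_offers` table, its columns and the function names are hypothetical, since the advisory does not show the script's query.

```php
<?php
declare(strict_types=1);

// Accept "cid" only if it is a positive integer; return null for anything else.
function parse_cid($raw): ?int
{
    if (!is_string($raw)) {          // arrays (cid[]=1) and missing values are rejected
        return null;
    }
    $cid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $cid === false ? null : $cid;
}

// Query with a bound parameter; the value never becomes part of the SQL text.
function offers_for_category(PDO $db, int $cid): array
{
    $stmt = $db->prepare('SELECT id, title FROM sell_offers WHERE cid = :cid ORDER BY id');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sell_offers (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)');
$db->exec("INSERT INTO sell_offers (cid, title) VALUES (1, 'Steel pipes'), (2, 'Cotton yarn')");

// Constructed request values: one valid, three that must be rejected.
foreach (['2', '2 OR 1=1', "2'", ['2']] as $raw) {
    $cid = parse_cid($raw);
    if ($cid === null) {
        // A real page would answer with HTTP 400 here instead of querying.
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    echo "cid=$cid -> " . json_encode(offers_for_category($db, $cid)) . "\n";
}
```

The same two steps apply to each of the four affected scripts, because all of them read the same parameter.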


Anonymous salman told...

Can you please help me in sanitising the code? I can supply you the affected files' code.

9:26 PM



Copyright (c) 2006 Pridels Sec Crew