[3/5] Softbiz Web Host Directory Script “host_id” SQL Injection
M.Hasran Addahroni has reported a vulnerability in Softbiz Web Host Directory Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "host_id" parameter in search_result.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
M.Hasran Addahroni

Original Advisory:
http://milw0rm.com/exploits/5517
Original post by Pankaj
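One way to apply the "Solution" above, shown as an added example that is not Softbiz source code and not part of the original advisory: validate "host_id" as a positive integer and pass it to the query as a bound parameter, so the fix does not depend on "magic_quotes_gpc". The function name find_host, the hosts table and its columns are assumptions made for illustration; the sample rows and request values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the product): returns the host row for a
// request-supplied id, or null when the id is invalid or no row matches.
function find_host(PDO $db, $rawHostId): ?array
{
    // 1. Allow-list validation: host_id must be a positive integer.
    $hostId = filter_var($rawHostId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($hostId === false) {
        return null;
    }

    // 2. Bound parameter: the value travels as data and is never
    //    concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM hosts WHERE id = :id');
    $stmt->bindValue(':id', $hostId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hosts (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO hosts (id, name) VALUES (1, 'Example Host A')");
$db->exec("INSERT INTO hosts (id, name) VALUES (2, 'Example Host B')");

// Constructed request values: one valid id, then values that must be rejected.
foreach (['2', "2'", '2abc', '-5', null] as $raw) {
    $row = find_host($db, $raw);
    printf("%-8s => %s\n", var_export($raw, true),
        $row !== null ? $row['name'] : 'rejected or not found');
}
```

In the real script the value would come from the request (for example $_GET['host_id']) and the query would use the application's own table and connection.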