Bs General_Classifieds Script SQL Injection Vulnerability

2010-07-05T00:00:00
ID EDB-ID:14228
Type exploitdb
Reporter Sid3^effects
Modified 2010-07-05T00:00:00

Description

Bs General_Classifieds Script SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :  Bs General_Classifieds Script Sqli Vulnerability
Date : july 5,2010
Critical Level 	: HIGH
vendor URL :http://www.brotherscripts.com/
Price:$24.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description : 
BS Classifieds Ads Software allows users to browse and search for classified ads. The listings are detailed with photos, descriptions, ratings, reviews, features, contact information and driving directions linked to MapQuest. Users can also open an account and save their favorite ads to an online notebook.
Users can also post their ads. After the completion of registration, users are able to select and buy advertising packages depending on the length of time they would like their listings to be displayed. Payment are done through PayPal and 2Checkout. The user will will be informed about his account statistics by emails - 10 days before his account's expiration, 5 days, 1 day. 24 hours after his account expiration date, all his listings and his account will be deleted automatically. 
#######################################################################################################
Xploit :SQli Vulnerability

DEMO URL 1:http://server/General_Classifieds/search.php?c=[sqli]

DEMO URL 2:hhttp://server/General_Classifieds/browse.php?pcat=[sqli]

###############################################################################################################
# 0day no more 
# Sid3^effects