PHP Classifieds version 7.5 suffers from a remote blind SQL injection vulnerability.
d7725a7ddac54e6687eca8f23299ec9e1c5f7780e3d9b449b9d2db6889cba9ad
Dear Sir / Madam
The ItSecTeam has discovered a new bug in PHP Classifieds Lastest Version and will be glad to report and public it .
More information about this bug is listed below :
=======================================================================================
Topic : PHP Classifieds Version 7.5
Bug type : Blind SQL Injection
Author : ItSecTeam
Remote : Yes
Status : Bug
===================== Content ======================
( # Advisory Content : PHP Classifieds
( # Script : http://www.webalfa.110mb.com/files/phpClassifieds.v7.5.Nulled-(www.webalfa.ir).zip<http://easy-script.com/scripts-PHP/phenix-35b-5503.html>
( # Mail : Bug@ItSecTeam.com
( # Find By : Amin Shokohi(Pejvak!)
( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/>
( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/>
=================================================
============================================= Exploit 1 =======================================
( * http://localhost/phpClassifieds v7.5/ad_click.php?bid=2 SQL Injection Code
----------------------------------------------------------------------------------
<BUG>
$bid=getParam("bid","");
if ($bid>0)
{
$sql_banner = "SELECT goto_url FROM $banner_tbl WHERE bid=****$bid****";
........}
</Bug>
----------------------------------------------------------------------------------
===========================================================================================