Dear Sir / Madam The ItSecTeam has discovered a new bug in PHP Classifieds Lastest Version and will be glad to report and public it . More information about this bug is listed below : ======================================================================================= Topic : PHP Classifieds Version 7.5 Bug type : Blind SQL Injection Author : ItSecTeam Remote : Yes Status : Bug ===================== Content ====================== ( # Advisory Content : PHP Classifieds ( # Script : http://www.webalfa.110mb.com/files/phpClassifieds.v7.5.Nulled-(www.webalfa.ir).zip ( # Mail : Bug@ItSecTeam.com ( # Find By : Amin Shokohi(Pejvak!) ( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members! ( # Website : WwW.ItSecTeam.com ( # Forum : WwW.Forum.ItSecTeam.com ================================================= ============================================= Exploit 1 ======================================= ( * http://localhost/phpClassifieds v7.5/ad_click.php?bid=2 SQL Injection Code ---------------------------------------------------------------------------------- $bid=getParam("bid",""); if ($bid>0) { $sql_banner = "SELECT goto_url FROM $banner_tbl WHERE bid=****$bid****"; ........} ---------------------------------------------------------------------------------- ===========================================================================================