PHP Classifieds 7.5 - Blind SQL Injection

EDB-ID:

11739

CVE:



Platform:

PHP

Published:

2010-03-15

Dear Sir / Madam
The ItSecTeam has discovered a new bug in  PHP Classifieds Lastest Version and will be glad to report and public it .
More information about this bug is listed below :
=======================================================================================
Topic : PHP Classifieds Version 7.5
Bug type : Blind SQL Injection
Author : ItSecTeam
Remote : Yes
Status   : Bug
===================== Content ======================
( # Advisory Content : PHP Classifieds
( # Mail : Bug@ItSecTeam.com
( # Find By : Amin Shokohi(Pejvak!)
( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com
( # Forum : WwW.Forum.ItSecTeam.com

=================================================
============================================= Exploit 1 =======================================
( * http://localhost/phpClassifieds v7.5/ad_click.php?bid=2 SQL Injection Code
----------------------------------------------------------------------------------
<BUG>
  $bid=getParam("bid","");
if ($bid>0)
{
    $sql_banner = "SELECT goto_url FROM $banner_tbl WHERE bid=****$bid****";
........}
</Bug>
----------------------------------------------------------------------------------
===========================================================================================