Dear Sir / Madam
The ItSecTeam has discovered a new bug inPHP Classifieds Lastest Version and will be glad to report and public it .
More information about this bug is listed below :=======================================================================================
Topic : PHP Classifieds Version 7.5
Bug type: Blind SQL Injection
Author : ItSecTeam
Remote : Yes
Status : Bug
===================== Content ======================(# Advisory Content : PHP Classifieds(# Mail : Bug@ItSecTeam.com(# Find By : Amin Shokohi(Pejvak!)(# Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!(# Website : WwW.ItSecTeam.com(# Forum : WwW.Forum.ItSecTeam.com============================================================================================== Exploit 1=======================================(* http://localhost/phpClassifieds v7.5/ad_click.php?bid=2 SQL Injection Code
----------------------------------------------------------------------------------<BUG>
$bid=getParam("bid","");if($bid>0){
$sql_banner ="SELECT goto_url FROM $banner_tbl WHERE bid=****$bid****";........}</Bug>----------------------------------------------------------------------------------===========================================================================================
