Jump to content
ANdreicj

PHP Classifieds v7.5 Blind SQL Injection Vulnerability

By ANdreicj, in Exploituri

Recommended Posts

ANdreicj Newbie

ANdreicj

Posted
Posted 
Dear Sir / Madam
The ItSecTeam has discovered a new bug in  PHP Classifieds Lastest Version and will be glad to report and public it .
More information about this bug is listed below :
=======================================================================================
Topic : PHP Classifieds Version 7.5
Bug type : Blind SQL Injection
Author : ItSecTeam
Remote : Yes
Status   : Bug
===================== Content ======================
( # Advisory Content : PHP Classifieds
( # Mail : Bug@ItSecTeam.com
( # Find By : Amin Shokohi(Pejvak!)
( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com
( # Forum : WwW.Forum.ItSecTeam.com

=================================================
============================================= Exploit 1 =======================================
( * http://localhost/phpClassifieds v7.5/ad_click.php?bid=2 SQL Injection Code
----------------------------------------------------------------------------------
<BUG>
  $bid=getParam("bid","");
if ($bid>0)
{
    $sql_banner = "SELECT goto_url FROM $banner_tbl WHERE bid=****$bid****";
........}
</Bug>
----------------------------------------------------------------------------------
===========================================================================================


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...