Bs Auto_Classifieds Script(articlesdetails.php) Sqli Vulnerability

vendor:

Auto_Classifieds Script

by:

Sid3^effects aKa HaRi

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Auto_Classifieds Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Bs Auto_Classifieds Script(articlesdetails.php) Sqli Vulnerability

Setup your own auto classifieds website with BrotherScripts.com. An SQL injection vulnerability exists in the articlesdetails.php script, which allows an attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize user input and use parameterized queries to prevent SQL injection.

Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Bs Auto_Classifieds Script(articlesdetails.php) Sqli Vulnerability
Date : july 5,2010
Critical Level 	: HIGH
vendor URL :http://www.brotherscripts.com/
Price:$24.95
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description : 
Setup your own auto classifieds website with BrotherScripts.com. We are offering a top quality auto listings software which allows car buyers to search available autos for free. The auto listings are highly detailed with photos, dealer/person information and driving directions linked to MapQuest.
Dealers and car sellers can list their properties, too. After a new dealer has registered, he/she is able to select and buy a package depending on how many adverts they want to to post and for the time duration they want to show them. Payments are done via PayPal or 2Checkout. Before expiration of the account the dealer will be informed by sending a few emails - 10 days before the expiration of his account, 5 and 1 days. All dealers' listings are deleted automatically after 24 hours of expiration of his account

#######################################################################################################
Xploit :SQli Vulnerability

DEMO URL :http://server/Auto_Classifieds/articlesdetails.php?id=[sqli]

###############################################################################################################
# 0day no more 
# Sid3^effects