Vendor: iTechClassifieds
By: vinicius777
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: iTechClassifieds
Affected Version From: 3.03.057
Affected Version To: 3.03.057
Patch Exists: NO
Related CWE: N/A
CPE: a:itechscripts:itechclassifieds:3.03.057
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2014

iTechClassifieds v3.03.057 – SQL Injection

Two SQL Injection vulnerabilities were discovered in iTechClassifieds v3.03.057. The first vulnerability is located in the 'PreviewNum' parameter of the 'ChangeEmail.php' script. The second vulnerability is located in the 'CatID' parameter of the 'ViewCat.php' script.

Mitigation:

Input validation should be used to prevent SQL Injection attacks.
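
A defensive sketch of this mitigation for the two parameters named above (an added example in PHP, not iTechClassifieds code): the value is validated as a positive integer and, in addition, bound through a PDO prepared statement. It assumes both parameters are numeric identifiers; the `categories` table, its columns and the helper names are hypothetical, since the page does not show the application's schema or source.

```php
<?php
declare(strict_types=1);

// Added example (PHP 8+). Table/column names and helper names are hypothetical.

/** Accept only a positive decimal integer; anything else yields null. */
function parseId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value, or an array such as CatID[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one row; the id is bound as a typed parameter, never concatenated. */
function findCategory(PDO $db, int $catId): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM categories WHERE id = :id');
    $stmt->bindValue(':id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO categories VALUES (1, 'Vehicles'), (2, 'Housing')");

// Constructed inputs standing in for $_GET['CatID'] or $_GET['PreviewNum'].
foreach (['2', "1'", 'abc', '', ['1']] as $raw) {
    $id = parseId($raw);
    if ($id === null) {
        // In the application this would be an HTTP 400 with no query executed.
        echo json_encode($raw), " => rejected\n";
        continue;
    }
    echo json_encode($raw), ' => ', json_encode(findCategory($db, $id)), "\n";
}
```

Validation rejects malformed values before any query runs, while the bound parameter keeps the query safe even if a validation rule is later loosened.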

Exploit-DB raw data:

# Exploit Title: iTechClassifieds v3.03.057 - SQL Injection
# Date: 23/01/2014
# Exploit Author: vinicius777
# Vendor Homepage: http://itechscripts.com/download.html
# Software Link: http://itechscripts.com/downloads/download_itechclassifieds.html
# Version: 3.03.057


[1] SQL Injection - PreviewNum

PoC: http://localhost/iTechClassifieds_v3/ChangeEmail.php?PreviewNum=1' [SQL INJECTION]



[2] SQL Injection - CatID

PoC: http://localhost/iTechClassifieds_v3/ViewCat.php?CatID=[SQL INJECTION]


#
#
# Greetz to g0tm1lk and TheColonial.