phpclassifieds75-sql.txt
Posted on 16 March 2010
Dear Sir / Madam The ItSecTeam has discovered a new bug in PHP Classifieds Lastest Version and will be glad to report and public it . More information about this bug is listed below : ======================================================================================= Topic : PHP Classifieds Version 7.5 Bug type : Blind SQL Injection Author : ItSecTeam Remote : Yes Status : Bug ===================== Content ====================== ( # Advisory Content : PHP Classifieds ( # Script : http://www.webalfa.110mb.com/files/phpClassifieds.v7.5.Nulled-(www.webalfa.ir).zip<http://easy-script.com/scripts-PHP/phenix-35b-5503.html> ( # Mail : Bug@ItSecTeam.com ( # Find By : Amin Shokohi(Pejvak!) ( # Special Tnx : M3hr@n.S , 0xd41684c654 And All Team Members! ( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/> ( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/> ================================================= ============================================= Exploit 1 ======================================= ( * http://localhost/phpClassifieds v7.5/ad_click.php?bid=2 SQL Injection Code ---------------------------------------------------------------------------------- <BUG> $bid=getParam("bid",""); if ($bid>0) { $sql_banner = "SELECT goto_url FROM $banner_tbl WHERE bid=****$bid****"; ........} </Bug> ---------------------------------------------------------------------------------- ===========================================================================================