[VIM] Preprojects Pre Classified Listings 'category' Parameter SQL Injection Vulnerability
George A. Theall
theall at tenable.com
Mon Mar 19 13:35:39 CDT 2012
Looks like SecurityFocus created BID 52543 today for a SQL injection in Pre Classifieds. They give as a sample PoC:
http://wwww.example.com/classi/search.php?category=-1+union+all+select+version()--
which matches EDB-ID 18613.
This looks to me like a dup of CVE-2007-2675 / OSVDB 35597 / BID 23795 / EDB-ID 3840:
search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*
search.php?category=-1/**/union/**/select/**/name/**/from/**/users/*
Rob?
George
--
theall at tenablesecurity.com