https://www.exploit-db.com/exploits/23269
https://cxsecurity.com/issue/WLB-2007100114
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-463

MyClassifiedsSQL是一款方便快捷构建站点论坛系统的脚本。MyClassifiedsSQL由于没有充分过滤用户提交的$email变量，远程攻击者可以利用这个漏洞进行SQL注入攻击，可以更改数据库信息或破坏数据库。攻击者提交恶意SQL代码到Email变量，可导致更改原来应用系统的SQL逻辑，如使软件写用户密码到一个全局可读的文件中，利用这些敏感信息进一步对系统进行攻击，也可以对数据库进行破坏操作。

source: http://www.securityfocus.com/bid/8863/info

It has been reported that FuzzyMonkey MyClassifieds may be prone to a SQL injection vulnerability that may allow an attacker to disclose user passwords by supplying malicious SQL code to the Email variable. This attack may cause the software to write user password to a world readable file, which may be accessed to launch further attacker against a system.

A malicious user may influence database queries in order to view or modify sensitive information, and gain unauthorized access by disclosing user passwords therefore potentially compromising the software or the database.

MyClassifieds version 2.11 has been reported to be prone to this vulnerability, however other versions may be affected as well. 

If the value of $email is [email protected]' OR 1=1 INTO OUTFILE
'/<directory-path>/pass.txt, the SQL request becomes:

select passmd5 from people where email=' [email protected]' OR 1=1 INTO OUTFILE
'/<directory-path>/pass.txt'

来源:BID
名称:8863
链接:http://www.securityfocus.com/bid/8863
来源:BUGTRAQ
名称:20031021SQLInjectionVulnerabilityinFuzzyMonkeyMyClassifiedsSQLVersion
链接:http://www.securityfocus.com/archive/1/341908
来源:SREASON
名称:3293
链接:http://securityreason.com/securityalert/3293
来源：NSFOCUS
名称：5575
链接：http://www.nsfocus.net/vulndb/5575