Zeeways Script Multiple Vulnerabilities

vendor:

Zeeways Script

by:

XroGuE

N/A

CVSS

N/A

SQL Injection

CWE

Product Name: Zeeways Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: a:zeeways:zeeways_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Zeeways Script Multiple Vulnerabilities

The vulnerability is located in the "product_desc.php" file when the "id" parameter is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

The vulnerability can be patched by properly sanitizing user-supplied input before using it in SQL queries.

Source

Exploit-DB raw data:

=======================================================================
# Zeeways Script Multiple Vulnerabilities
=======================================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1                      
1   /' \            __  /'__`\        /\ \__  /'__`\                   0                     
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1                                
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0                  
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1                      
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0                   
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1                  
1                  \ \____/ >> Exploit database separated by exploit   0                          
0                   \/___/          type (local, remote, DoS, etc.)    1                        
1                                                                      1                          
0  [+] Site            : Inj3ct0r.com                                  0                            
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1                               
0                                                                      0                             
1                    ####################################              1
0                    I'm XroGuE member from Inj3ct0r Team              1
1                    ####################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1         

########################################################################
# Name: Zeeways Script Multiple Vulnerabilities
# Vendor: www.Zeeways.com
# Date: 2010-05-30
# Author: XroGuE
# Thanks to: Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
# Home: (-_+)
########################################################################

[+] Dork: inurl:"product_desc.php?id=" Powered by Zeeways.com 

########################################################################

[+] HTML InjecTion Vulnerability:

[+] Demo: http://[site]/[path]/signinform.php?msg=<h1>XSS,HTML InjecTion</h1>

########################################################################

[+] XSS InjecTion Vulnerability:

[+] Demo: http://[site]/[path]/signinform.php?msg=

########################################################################