PHPAuctions 'profile.php' SQL Injection and Cross Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

PHPAuctions 'profile.php' SQL Injection and Cross Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.

The following exploit code and example URIs are available:

/data/vulnerabilities/exploits/33115.pl
/data/vulnerabilities/exploits/33115.html