This exploit demonstrates SQL injection and XSS vulnerabilities in EasyService Billing 1.0 via the 'p1' parameter in 'customer-new-s.php'. It includes payloads for boolean-based blind, error-based, time-based blind, and UNION query SQLi, as well as a simple XSS payload.
Classification
Working Poc 95%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target:EasyService Billing 1.0
No auth needed
Prerequisites:Access to the vulnerable endpoint · No authentication required