Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

paypal-inject.txt

🗓️ 24 Jan 2007 00:00:00Reported by DoZType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 26 Views

Paypal Subscription Manager allows webmaster to create subscription website, enabling instant access to digital products after payment. It uses PHP and MySQL for efficient processing. However, it is vulnerable to input validation errors, allowing attackers to execute arbitrary script code and potentially compromise the application and steal authentication credentials

Code
`Paypal Subscription Manager allows webmaster easily create subscription web site, visitors can access to digital product instantly after paying through Paypal, PSM provides ability to effortlessly process subscription and protect membership areas. PSM uses PHP and MySQL for fast, efficient, professional processing. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.  
  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
  
Credit: Doz  
Risk: Medium  
  
  
Class: Input Validation Error  
Remote: No  
Local: Yes - Admin Panel  
  
  
Version: Paypal Subscription Manager  
Vendor: www.easebayresources.com  
  
  
Online Demo: http://www.easebayresources.com/demo.html  
[email protected]   
  
  
Attackers can exploit these issues via a web client.  
  
  
SQL:  
  
http://www.Site.com/psm/admin/memberlist.php?keyword=[SQl]&p=a&by=1&sbmt1=++Search++&init_row=0&sort=create_time&sq=desc&status=1  
  
  
XSS:  
  
http://www.Site.com/psm/admin/edit_member.php?username=Admin=[XSS]  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Jan 2007 00:00Current
7.4High risk
Vulners AI Score7.4
paypal subscription managersubscription websitedigital productsphpmysqlinput validation errorarbitrary script codecompromiseauthentication credentials
26