Allpc 2.5 osCommerce Cross Site Scripting / SQL Injection

Type packetstorm
Reporter RoAd_KiLlEr
Modified 2010-09-28T00:00:00


                                            `[+]Title Allpc 2.5 osCommerce SQL-i/XSS Multiple Vulnerabilities  
[+]Author **RoAd_KiLlEr**  
[+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws  
[+]Tested on Win Xp Sp 2/3  
[~] Founded by **RoAd_KiLlEr**  
[~] Team: Albanian Hacking Crew  
[~] Version: 2.5  
[~] Vendor:  
==========ExPl0iT3d by **RoAd_KiLlEr**==========  
Compatible with all versions of PHP 4 and above.  
It uses a database MySQL.  
It works in 4 languages, which are easily replaced in the administration panel.  
* Appearance:  
- The client part  
- Administration  
* Install / Installation  
- Simple automatic installation via the web-browser  
* Design / Placement  
- A simple change of patterns  
- Support for dynamic images  
* Administration / Functional  
- Supports unlimited products and categories  
The structure of products in categories  
The structure of the categories to the categories  
- Add / edit / delete categories, products, manufacturers, customers, and reviews  
- Support for physical (shippable) and virtual (zagruzhaemye) products  
- Land Administration is protected with username and password  
- Contact customers directly via email or contact the user  
- Easy to book and restore the database  
- Print invoices and packaging lists from the order  
- Statistics for products and customers  
- Multilingual support  
- Support the use of multiple currencies  
- Automatic exchange rates  
- Select what to display, and in what order the product that make the list page  
- Support for static and dynamic banners with full statistics  
[+]. SQL-i Vulnerability  
[P0C]:[SQL Injection]  
[DemO]:[SQL Injection]  
[+]. XSS Vulnerability  
The Search B0x of this script is vulnerable to XSS,because it fails to properly sanitize the response.  
By submitting a malicious input to the web site, the user would only be able to compromise their security.That is their own browser cookies, cache objects, and so forth.  
[Atack Pattern]: "><script>alert(document.cookie)</script>  
I used this pattern to show you that is vulnerable,but you can try HTML Injection,Url Redirect, Iframe,Etc.. Basically Your own Imagination is your Limit..  
Good Luck :P  
[!] Albanian Hacking Crew   
[!] **RoAd_KiLlEr**   
[!] MaiL: sukihack[at]gmail[dot]com  
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers  
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects| L0rd CruSad3r | SONIC | MaFFiTeRRoR | All Members | And All My Friendz  
[!] Red n'black i dress eagle on my chest  
It's good to be an ALBANIAN  
Keep my head up high for that flag I die  
Im proud to be an ALBANIAN