exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

OpenCart 2.0.3.1 Cross Site Scripting

OpenCart 2.0.3.1 Cross Site Scripting
Posted Aug 15, 2016
Authored by Hamed Izadi

OpenCart version 2.0.3.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f5c86ef5a704aa36adf018c3d9382bde7480eee1600faeb5b41239ea7b4ff895

OpenCart 2.0.3.1 Cross Site Scripting

Change Mirror Download
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions: v2.0.3.1 and possibly below
Vendor Homepage : http://www.opencart.com
Vulnerability Type : Cross-site Scripting
Severity : Important


Description
--------------------
By exploiting a Cross-site scripting vulnerability the attacker can hijack
a logged in users session. This means that the malicious hacker can change
the logged in users password and invalidate the session of the victim
while the hacker maintains access. As seen from the XSS example in this
article, if a web application is vulnerable to cross-site scripting and the
administrators session is hijacked, the malicious hacker exploiting the
vulnerability will have full admin privileges on that web application.

Technical Details
--------------------
Proof of Concept URLs for XSS in OpenCart v2.0.3.1:

/opencart/index.php?route=product/product&product_id=1
(product_id - GET)

XSS Payload : %27);window[%27al\u0065rt%27](/XSS/);//

Example:
/opencart/index.php?route=product/product&product_id=1%27);window[%27al\u0065rt%27](/XSS/);//

After opening the above URL, click on "Add to Wish List" & "Compare this Product" icons,
and view the alert window.




Solution
--------------------
Upgrade to newer version


Credits & Authors
--------------------
These issues have been discovered by Hamed Izadi



###########################

# Iran

# L U Arg

###########################
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close