2daybiz Custom T-Shirt suffers from cross-site scripting and remote SQL injection vulnerabilities.
$-------------------------------------------------------------------------------------------------------------------
$ 2daybiz custom T-shirt SQL Injection and Cross Site Scripting Vulnerabilities
$ Author : Sangteamtham
$ Home : Hcegroup.net
$ Download : http://www.2daybiz.com/customt-shirt_designscript.html
$ Date : 06/24/2010
$
$******************************************************************************************
$ Exploit:
$
$ 1. SQL injection:
$
$ http://server/products_details.php?sbid=[id number]
$ http://server/products/products.php?pid=[id number]
$ http://server/designview.php?designid=[id number]
$
$ 2. XSS
$ After logging in, an attacker can write a review and insert JavaScript code into it to deface the website
$ or redirect visitors to a virus-hosting website.
$
$ Demo deface:
$ http://www.2daybiz.com/products/tshirt/
$
$
$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------
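
Added example (not part of the original advisory and not the vendor's code): one way to harden the two input paths described above, by treating sbid / pid / designid as strict integers bound through a prepared statement and by encoding review text on output. The table, column and function names are hypothetical, and the sample rows and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the advisory does not show the vendor's tables.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO products VALUES (7, 'Constructed sample shirt')");
    return $db;
}

// Accept only a positive decimal integer for sbid / pid / designid.
function parse_id($raw): ?int {
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;   // arrays, signs, whitespace, trailing text
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;   // also rejects integer overflow
}

function fetch_product(PDO $db, $rawId): ?array {
    $id = parse_id($rawId);
    if ($id === null) {
        return null;   // caller should answer 400/404 without running a query
    }
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode review text at output time so stored markup is displayed as text.
function render_review(string $text): string {
    return '<p class="review">'
        . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

// Constructed inputs: a valid id, an id with trailing text, an array, a review with markup.
$db = demo_db();
var_dump(fetch_product($db, '7'));
var_dump(fetch_product($db, '7 and more text'));
var_dump(fetch_product($db, ['7']));
echo render_review('<script>/* constructed */</script> nice shirt'), "\n";
```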