0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Zen Cart v1.3.9f Multiple Remote Vulnerabilities
[================================================
Zen Cart v1.3.9f Multiple Remote Vulnerabilities
================================================
Vendor: Zen Ventures, LLC
Product web page: http://www.zen-cart.com
Version affected: 1.3.9f
Summary: Zen Cart is an online store management system. It is PHP-based, using a MySQL
database and HTML components. Support is provided for numerous languages and currencies,
and it is freely available under the GNU GPL.
Desc: Zen Cart v1.3.9f suffers from a persistent cross-site scripting (XSS) and SQL
injection vulnerability. The SQLi issue lies in "option_name_manager.php" script in the
"option_order_by" parameter thru the admin UI (post-auth). Input is not sanitized resulting
in compromising the db system.
The stored/persistent XSS issue lies pretty much everywhere in the admin panel when editing
and inserting strings in different categories. Ex:
- In Admin UI go to http://127.0.0.1/admin/record_company.php or Extras > Record Companies
and click "insert". Fill out the 1st or 3rd or 4th field or all of them, with the string:
"<script>alert("xss")</script>" and click save. Now...every time when you go back to that page
it will execute the code for every field.
Tested On: Apache 2.2.11 (Win32)
PHP 5.3.0
MySQL 5.1.36
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
Zero Science Lab - http://www.zeroscience.mk
liquidworm gmail com
19.08.2010
Vendor status: [19.08.2010] - Vulnerability discovered.
[22.08.2010] - Vendor contacted.
[22.08.2010] - Vendor responds asking more details.
[23.08.2010] - Sent PoC files to vendor.
[25.08.2010] - Vendor confirms vulnerability.
[02.09.2010] - Asked vendor for patch release date.
[08.09.2010] - Vendor states approximately 7 days to patch release.
[20.09.2010] - Asked vendor for status.
[24.09.2010] - Asked vendor for status again because of no reply from previous mail.
[28.09.2010] - Vendor informed about advisory release date.
[29.09.2010] - Vendor releases version 1.3.9g to address these issues.
[01.10.2010] - Public advisory released.
Advisory ID: ZSL-2010-4966
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4966.php
Vendor Advisory: http://www.zen-cart.com/forum/showthread.php?t=165017
PoC:
http://127.0.0.1/admin/options_name_manager.php?option_page=1&option_order_by=/ [ EXPLOIT ]
# 0day.today [2024-11-15] #