0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Perl$hop e-commerce Script Trust Boundary Input Parameter Injection
[=================================================================== Perl$hop e-commerce Script Trust Boundary Input Parameter Injection =================================================================== A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS (Cross Site Scripting), Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the developers had little to no regard for web application security. Which, were this not a free product, I might comment further upon. As this is not the case, allow me to continue. One of the initial vulnerabilities I noticed when viewing the source code to a product page was the existence of a hidden input field named ITEM_PRICE. Now we simply download the source to the page, edit the hidden value of input field ITEM_PRICE to whatever we want, as an example value=?0.01?, and save. Reopen and purchase the item. The following checkout page will verify your success or lack thereof. So we can set our own price, fun stuff! Next we examine perlshop.cgi and notice that the script does not properly sanitize user input. After a little variable injection we find that the GET variable ?thispage? is vulnerable to a directory traversal and potential code execution depending on the environment. If you were hoping for an exploit example, here it is: http://target/cgi-bin/perlshop.cgi?ACTION=ENTER%20SHOP&thispage=../../../../../../../../etc/passwd&ORDER_ID=%21ORDERID%21&LANG=english&CUR=dollar And lastly, to save myself the trouble, I?ll just say that the GET variable CUR, thispage, LANG, and most likely others contain cross site scripting vulnerabilities. XSS vulnerabilities are not nearly as critical as the aforementioned directory traversal and code execution vulnerabilities though they should still be taken seriously as session fixation attempts could allow a hacker to hijack accounts. # 0day.today [2024-11-16] #