Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting







[+]Title           Allpc 2.5 osCommerce  SQL-i/XSS Multiple Vulnerabilities
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on      Win Xp Sp 2/3
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Version:  	2.5
[~] Vendor:
==========ExPl0iT3d by **RoAd_KiLlEr**==========

Compatible with all versions of PHP 4 and above. 
It uses a database MySQL. 
It works in 4 languages, which are easily replaced in the administration panel. 

* Appearance: 
- The client part 
- Administration 

* Install / Installation 
- Simple automatic installation via the web-browser 

* Design / Placement 
- A simple change of patterns 
- Support for dynamic images 

* Administration / Functional 
- Supports unlimited products and categories 
The structure of products in categories 
The structure of the categories to the categories 
- Add / edit / delete categories, products, manufacturers, customers, and reviews 
- Support for physical (shippable) and virtual (zagruzhaemye) products 
- Land Administration is protected with username and password 
- Contact customers directly via email or contact the user 
- Easy to book and restore the database 
- Print invoices and packaging lists from the order 
- Statistics for products and customers 
- Multilingual support 
- Support the use of multiple currencies 
- Automatic exchange rates 
- Select what to display, and in what order the product that make the list page 
- Support for static and dynamic banners with full statistics

[+].  SQL-i Vulnerability

[P0C]:[SQL Injection] 

[DemO]:[SQL Injection]

[+]. XSS Vulnerability

The Search B0x of this script is vulnerable to XSS,because it fails to properly sanitize the response.
By submitting a malicious input to the web site, the user would only be able to compromise their security.That is their own browser cookies, cache objects, and so forth. 


[Atack Pattern]: "><script>alert(document.cookie)</script> 

 I used this pattern to show you that is vulnerable,but you can try HTML Injection,Url Redirect, Iframe,Etc.. Basically Your own Imagination is your Limit.. 
 Good Luck :P 

[!] Albanian Hacking Crew           
[!] **RoAd_KiLlEr**   
[!] MaiL: sukihack[at]gmail[dot]com
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
[!] Spec Th4nks:  r0073r  | indoushka | Sid3^effects| L0rd CruSad3r | SONIC | MaFFiTeRRoR | All Members | And All My Friendz
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN