SOTESHOP 6.1 XSS & FPD
Posted on 24 September 2013
#Title: SOTESHOP 6.1 - XSS & FPD
#Date: 22.09.2013
#Tested on: Linux 2.4.X
#Version: 6.1 (newest atm)
#Vendor: sote.pl
#Demo: giallo.demo.sote.pl
#Contact: smash@devilteam.pl

1. Cross Site Scripting at user basket

First we need to add something to our basket, then visit host/user_data/addBasketUser
Example - giallo.demo.sote.pl/user_data/addBasketUser
Fill the form field "Uwagi do zamówienia" (Attention to order) with </textarea><script>alert(666)</script> - voilà!

2. Cross Site Scripting at product review

Find a product, then click on a specific number of stars so you can rate it, example: http://giallo.demo.sote.pl/trampki-blue.html
In "Recenzja" (which stands for review) write </em><script>alert(666)</script> - and there's an alert.

3. Cross Site Scripting in username

Register an account on SOTESHOP, for example on sklep.tvp.pl, and fill it with valid content. After registration is complete, go to sklep.tvp.pl/user/editAccount and choose "Zmień email (login)", which means to change your login. Insert <script>alert(666)</script> there and you get a persistent XSS on every page.

4. Full Path Disclosure

/stThumbnailPlugin.php?f=product&i[]=&t=icon&u=

PoC:
HOST/stThumbnailPlugin.php?f=product&i[]=&t=icon&u=
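
Mitigation sketch for the four findings above. This is an added example, not SOTESHOP code and not part of the original advisory; the helper names e(), scalar_param() and thumbnail_response() are hypothetical. It assumes the path disclosure comes from the array-typed i[] parameter reaching code that expects a string while PHP errors are rendered to the client.

```php
<?php
// Added example: hypothetical helpers, not SOTESHOP code.

// Production setting: log errors, never render them (and their file paths).
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Encode untrusted text for an HTML element body or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return a request parameter only when it is a plain string; an array such
// as i[]= yields null instead of reaching code that expects a string.
function scalar_param(array $query, string $name): ?string
{
    $value = $query[$name] ?? null;
    return is_string($value) ? $value : null;
}

// Decide status and body for a thumbnail request without exposing internals.
function thumbnail_response(array $query): array
{
    $image = scalar_param($query, 'i');
    if ($image === null) {
        return [400, 'Bad request'];   // generic message, no trace or path
    }
    return [200, 'thumbnail for ' . e($image)];
}

// Constructed sample input: the three payloads quoted in the advisory.
$orderNote = '</textarea><script>alert(666)</script>';
$review    = '</em><script>alert(666)</script>';
$login     = '<script>alert(666)</script>';

// Encoded on output, each value stays inert text inside its own element.
echo '<textarea name="note">' . e($orderNote) . "</textarea>\n";
echo '<em>' . e($review) . "</em>\n";
echo '<span class="login">' . e($login) . "</span>\n";

// Constructed query mirroring the PoC: f=product&i[]=&t=icon&u=
$query = ['f' => 'product', 'i' => [''], 't' => 'icon', 'u' => ''];
[$status, $body] = thumbnail_response($query);
echo $status . ' ' . $body . "\n";
```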
