Thursday, 26 April 2012

[EN] HikaShop information disclosure bug


[ TITLE ....... ][ HikaShop information disclosure bug
[ DATE ........ ][ 18.04.2012
[ AUTHOR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][
[ VERSION ..... ][ latest
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [

[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is the bug :)
[ 4. More...

[--------------------------------------------[
[ 1. What is this?
This is a very nice CMS, you should try it! ;)

[--------------------------------------------[
[ 2. What is the type of vulnerability?
Information disclosure bug.

[--------------------------------------------[
[ 3. Where is the bug :)
Try this:

http://joomla2.5.4/index.php/component/hikashop/checkout/state/tmpl-component?field_type=address&field_namekey=%22%3EKUBA;]%3Cbr%3E%3Cbr%3E%3Cbr%3E

Vulnerable parameters seem to be:
order_id
product_id
checkout
field_namekey
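
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans web server access log lines for HikaShop requests in which one of the four listed parameters decodes to HTML markup characters. The log lines are constructed, and the combined log format, the markup character set and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names taken from the advisory above.
SUSPECT_PARAMS = {"order_id", "product_id", "checkout", "field_namekey"}
# Assumption: ids and field keys never legitimately contain these characters.
MARKUP = re.compile("[<>\"']")
# Minimal matcher for the request part of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def flag_request(target):
    """Return sorted advisory parameter names whose decoded value has markup."""
    if "hikashop" not in unquote(target).lower():
        return []
    hits = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if name in SUSPECT_PARAMS and MARKUP.search(unquote(value)):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Yield (line_number, flagged_params) for each suspicious log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            flagged = flag_request(match.group(1))
            if flagged:
                yield number, flagged


# Constructed sample log lines (client addresses from a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Apr/2012:10:00:00 +0200] "GET /index.php/component/hikashop/checkout/state/tmpl-component?field_type=address&field_namekey=address_state HTTP/1.1" 200 512',
    '192.0.2.11 - - [18/Apr/2012:10:00:05 +0200] "GET /index.php/component/hikashop/checkout/state/tmpl-component?field_type=address&field_namekey=%22%3EKUBA;]%3Cbr%3E%3Cbr%3E%3Cbr%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [18/Apr/2012:10:00:09 +0200] "GET /index.php/component/hikashop/checkout/state/tmpl-component?product_id=%253Cb%253E7 HTTP/1.1" 200 900',
    '192.0.2.13 - - [18/Apr/2012:10:00:12 +0200] "GET /index.php?option=com_content&order_id=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(flagged)}")
```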


[--------------------------------------------[
[ 4. More...

- http://hauntit.blogspot.com
- http://www.concrete5.org/
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ Ask me about new projects @ mail. ;)
]
[ Best regards
[
