Zumiez Specialty $628.85 Mln A Year In Sales Retailer Site | Multiple Vulnerabilities | BOT24


Zumiez Inc. operates as a specialty retailer of action sports related apparel, footwear, equipment, and accessories. Its apparel products include tops, bottoms, outerwear, caps, bags and backpacks, belts, jewelry, and sunglasses; its footwear products comprise action sports related athletic shoes and sandals. The company also offers various equipment products, or hardgoods, such as skateboards, snowboards, and boots and bindings, as well as miscellaneous novelties. Its stores cater to young men and women between the ages of 12 and 24, focusing on a sport lifestyle centered on skateboarding, surfing, snowboarding, bicycle motocross, and motocross. The company also sells its products online. As of August 25, 2012, it operated 486 stores: 463 in the United States and 18 in Canada under the Zumiez name, and 5 in Europe under the Blue Tomato name.



     ___           ___           ___                
     /  /\         /  /\         /  /\          __    
    /  /:/        /  /:/        /  /::\        |  |\  
   /  /:/        /  /:/        /  /:/\:\       |  |:|
  /  /::\ ___   /  /:/        /  /::\ \:\      |  |:|
 /__/:/\:\  /\ /__/:/     /\ /__/:/\:\ \:\     |__|:|__
 \__\/  \:\/:/ \  \:\    /:/ \  \:\ \:\_\/     /  /::::\
      \__\::/   \  \:\  /:/   \  \:\ \:\      /  /:/~~~~
      /  /:/     \  \:\/:/     \  \:\_\/     /__/:/  
     /__/:/       \  \::/       \  \:\       \__\/    
     \__\/         \__\/         \__\/                

Follow @freshprincehuey - http://twitter.com/freshprincehuey

http://zumiez.com < Fail Coding

Click on the pics below to enlarge them and view the vulns

File Inclusion - http://i.imgur.com/cPRFP.png



Cross site scripting - http://i.imgur.com/Kjhfa.png



Apache Version - 2.2.22 - www.google.com/?q=Apache+2.2.22+exploit

Full Path Disclosure - http://i.imgur.com/hFqY8.png


Possible SQL Injection - http://i.imgur.com/bUuu6.png


I say possible because Google logged that it used to have a SQL injection, but that does not mean it's still there, as they might have fixed it or I just can't find it -.-



#####################
# @freshprincehuey
#####################
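The "Apache Version - 2.2.22" finding above is a banner-disclosure issue: the full version string is sent in the Server response header (and, with ServerSignature enabled, in the footer of server-generated error pages and directory listings), which is what lets a visitor search for exploits against that exact release. The httpd.conf fragment below is an added example and is not part of freshprincehuey's post or anything observed in zumiez.com's configuration; the "before" lines are the Apache 2.2 defaults, and the header values shown in comments are what those defaults typically produce.

```apache
# Added example (not from the original post): the two directives that control
# how much of the Apache version string a server advertises.
# Apache config comments must sit on their own line; inline comments after a
# directive are a syntax error, so every note here is on a separate line.

# Before (the Apache 2.2 default; "Full" also lists loaded modules, and even
# "Min" still yields "Server: Apache/2.2.22"):
#   Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1 PHP/5.3.10
#
#ServerTokens Full
#ServerSignature On

# After: only the product name is sent, and error pages carry no footer.
#   Server: Apache
# ServerTokens is server-wide and must live in the main server config, not
# inside a <VirtualHost> block.
ServerTokens Prod
ServerSignature Off
```

Confirm the change with `curl -sI http://zumiez.com | grep -i '^Server:'` after a graceful restart. Two caveats a practitioner would add to the Google link in the post: hiding the banner does not fix anything in 2.2.22 itself, it only stops advertising it, so the real remediation is updating the server; and a version string on its own does not establish exploitability, since distribution packages routinely backport security fixes without bumping the reported version.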




//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc. nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information