Computer Security

Security Advisory: Shopping Cart V0.9
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues

  TigerTom Scripts

  vBulletin 3.5.4 (install_path)
Exploit

  BLOG:CMS 4.1.0 SQL injection File Include Vulnerability

From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:06.07.2006
Subject:Shopping Cart V0.9

Shopping Cart V0.9

Homepage:
http://glendown.de/shop/

Affected files:

index.php
editshop.php
edititem.php
-----------------------------------------

XSS vuln on editshop.php & edititem.php:

Data isn't sanatized before being entered. For a PoC as a shop name or item enter in:

<script>alert('xss')</script>

The shop names also appear on index.php, so it's affected here too.
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru