Re: ProductCart XSS Vulnerability

From: Massimo Arrigoni (supportat_private)
Date: Mon Jul 07 2003 - 17:32:30 PDT

    In-Reply-To: <20030705052949.8408.qmailat_private>
    
    This security issue ONLY affects ProductCart v1.5 and before. It was fixed 
    several months ago. Users of ProductCart v1.5 can update their software 
    free of charge using the following fix, which also addresses the other 
    recently posted security issues.
    
    http://www.earlyimpact.com/productcart/support/security-alert-070603.asp
    
    For any questions, please contact Early Impact at supportat_private
    
    The Early Impact Team
    
    >Date: 5 Jul 2003 05:29:49 -0000
    >Message-ID: <20030705052949.8408.qmailat_private>
    >From: atomix atomix <at0mix87at_private>
    >To: bugtraqat_private
    >Subject: ProductCart XSS Vulnerability
    >
    >
    >
    >#####################
    >#  ProductCart XSS  #
    >#   Vulnerability   #
    >#  found by atomix  #
    >#####################
    >
    >i came across the fact that in an area of ProductCart you are able to 
    >manipulate the error message, therefore allowing tags such as <script> and 
    ><iframe> to be used:
    >
    >http://www.website.com/ProductCart/pc/msg.asp?message=><script>alert(document.cookie);</script>
    >
    >http://www.website.com/ProductCart/pc/msg.asp?message=="C:\"%20width=400%20height=400></iframe>
    >
    >-atomix | atom b0mbs
    >
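
A log check for the request pattern reported above, added here as an example; it is not part of either post and is not ProductCart or Early Impact code. It flags requests to msg.asp whose URL-decoded `message` parameter contains angle brackets. The log line layout, the function names and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A plain-text error message has no reason to contain tag delimiters.
MARKUP = re.compile(r"[<>]")

def suspicious_message(uri):
    """Return the decoded `message` value if a msg.asp request carries markup, else None."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/msg.asp"):
        return None
    # parse_qsl URL-decodes names and values (%3C -> <, + -> space).
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "message" and MARKUP.search(value):
            return value
    return None

def scan(log_lines):
    """Return a list of (client_ip, decoded_message) for each flagged request."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not a request line in the assumed layout
        ip, uri = fields[0], fields[2]
        value = suspicious_message(uri)
        if value is not None:
            hits.append((ip, value))
    return hits

# Constructed sample lines, assumed layout: "<client-ip> <method> <uri> <status>"
SAMPLE = [
    "192.0.2.10 GET /ProductCart/pc/msg.asp?message=Your+cart+is+empty 200",
    "192.0.2.44 GET /ProductCart/pc/msg.asp?message=%3Cscript%3Ealert(document.cookie);%3C/script%3E 200",
    "192.0.2.45 GET /ProductCart/pc/msg.asp?message=%3Ciframe%20width=400%20height=400%3E%3C/iframe%3E 200",
    "192.0.2.10 GET /ProductCart/pc/viewcart.asp?message=%3Cb%3E 200",
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE):
        print(ip, repr(value))
```

A hit shows that the request was sent, not that a browser ran the markup; on a patched installation the same requests may still appear in the logs.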
    


