Bugtraq: XSS Vulnerabilities in Alan Ward Acart

From: <parag0d_at_phreaker.net>
Date: 4 Dec 2003 06:09:59 -0000
Vulnerability: XSS Vulnerabilities in msg

Description: XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages. This can be used to run arbitrary code on the website, or redirect to some other malicious script. These pages include:
        deliver.asp
        error.asp
        signin.asp
        admin/error.asp
        admin/index.asp

Exploit: A test script was used to prove this vulnerability
        www.example.com/acart2_0/affected_page.asp?msg=<script>alert("test")</script>

Solution: The developer needs to properly sanitize variables passed through the URL to remove possible malicious code.

Credit: CyberArmy Application and Code Auditing Team
        Parag0d

The developer was contacted about this matter but never gave any reply.
Received on Dec 04 2003
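As an added illustration of the fix the advisory asks for (this is not code from the advisory or from Acart), the snippet below contrasts reflecting `msg` into the page raw with HTML-encoding it at the point of output. It is written in JavaScript so it can be run directly; in classic ASP the same encoding step is `Server.HTMLEncode`. The error-page template and the way `msg` is read from the URL are assumptions.

```javascript
// Added example: reflecting a query-string parameter into an error page.
// The page template and the parameter handling are assumed for illustration;
// they are not Acart's code.

// Escape the five characters that let untrusted text break out of an HTML
// text node or attribute value (the classic ASP equivalent is Server.HTMLEncode).
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Read msg from a request URL, as error.asp would with Request.QueryString("msg").
function getMsg(url) {
  return new URL(url, "http://localhost").searchParams.get("msg") || "";
}

// Vulnerable form: msg is concatenated into the markup untouched, so a
// <script> tag supplied in the URL becomes part of the served page.
function renderErrorPageVulnerable(url) {
  return '<p class="error">' + getMsg(url) + "</p>";
}

// Hardened form: encode exactly where msg is written into HTML, so the
// browser renders the payload as literal text instead of executing it.
function renderErrorPageSafe(url) {
  return '<p class="error">' + htmlEncode(getMsg(url)) + "</p>";
}

// Detection helper: does the rendered HTML contain a live <script> tag?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed request URL carrying the advisory's own test payload.
const TEST_URL = '/acart2_0/error.asp?msg=<script>alert("test")</script>';

console.log("vulnerable:", renderErrorPageVulnerable(TEST_URL));
console.log("hardened:  ", renderErrorPageSafe(TEST_URL));
```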