Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

XSS Vulnerabilities in Alan Ward Acart

From: <parag0d () phreaker net>
Date: 4 Dec 2003 06:09:59 -0000


Vulnerability:  XSS Vulnerabilities in msg

Description:    XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages.  
This can be used to run arbitrary code on the website, or redirect to some other malicious script.  These pages include:
        deliver.asp
        error.asp
        signin.asp
        admin/error.asp
        admin/index.asp

Exploit:        A test script was used to prove this vulnerability
        www.example.com/acart2_0/affected_page.asp?msg= &lt;script&gt;alert("test")&lt;/script&gt;

Solution:       The developer needs to properly sanitize variables passed through the URL to remove possible malicious 
code.

Credit: CyberArmy Application and Code Auditing Team
        Parag0d

The developer was contacted about this matter but never gave any reply.
Previous By Date Next
Previous By Thread Next

Current thread: