BugTraq
[HSC Security Group] XSS in CartWiz Jul 26 2005 03:29PM
zinho hackerscenter com
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)

store/viewCart.asp?message=%3Cplaintext%3E

allows anyone to retrieve cookie and take control over the account.
I noticed there are also some unchecked input when a user log in into his account and change his own personal data.
This could lead to a permanent xss hole much more dangerous than the above.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus