Date: 4 Dec 2003 06:09:59 -0000
From: <parag0d@...eaker.net>
To: bugtraq@...urityfocus.com
Subject: XSS Vulnerabilities in Alan Ward Acart

Vulnerability:
XSS Vulnerabilities in msg

Description:
XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages. This can be used to run arbitrary code on the website, or redirect to some other malicious script. These pages include:

deliver.asp
error.asp
signin.asp
admin/error.asp
admin/index.asp

Exploit:
A test script was used to prove this vulnerability

www.example.com/acart2_0/affected_page.asp?msg= <script>alert("test")</script>

Solution:
The developer needs to properly sanitize variables passed through the URL to remove possible malicious code.

Credit:
CyberArmy Application and Code Auditing Team
Parag0d

The developer was contacted about this matter but never gave any reply.
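
The fix the Solution section asks for, sketched in classic ASP as an added example; this is not Acart's code and not part of the original post. The function names, message codes and page markup are hypothetical, and the sketch assumes the page only needs to show a short status message taken from `msg`.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Added example (hypothetical names throughout, not Acart source).
Const MAX_MSG_LEN = 200

' Preferred design: the URL carries only a short code and the text shown
' to the user is fixed on the server, so request data never reaches the page.
Function MessageForCode(code)
    Select Case LCase(Trim(code))
        Case "badlogin"
            MessageForCode = "Invalid user name or password."
        Case "expired"
            MessageForCode = "Your session has expired. Please sign in again."
        Case Else
            MessageForCode = ""
    End Select
End Function

' Fallback for pages that must still display free text from the URL:
' cap the length, then HTML-encode at the point of output so that
' <, >, & and " are written as entities instead of markup.
Function SafeMsg(raw)
    Dim s
    s = Left(CStr(raw & ""), MAX_MSG_LEN)
    SafeMsg = Server.HTMLEncode(s)
End Function

Dim msg, known
msg = Request.QueryString("msg")
known = MessageForCode(msg)
%>
<html>
<body>
<% If known <> "" Then %>
  <p class="msg"><%= Server.HTMLEncode(known) %></p>
<% ElseIf Len(msg) > 0 Then %>
  <p class="msg"><%= SafeMsg(msg) %></p>
<% End If %>
</body>
</html>
```

The encoded value is written only into element content here; placing it inside a script block, an event handler or an unquoted attribute would need encoding appropriate to that context.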