[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HSC Security Group] XSS in CartWiz

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [HSC Security Group] XSS in CartWiz
From: zinho@xxxxxxxxxxxxxxxxx
Date: 26 Jul 2005 15:29:41 -0000

Hackers Center Security Group (http://www.hackerscenter.com/)          
Zinho's Security Advisory           

Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)


store/viewCart.asp?message=%3Cplaintext%3E

allows anyone to retrieve cookie and take control over the account.
I noticed there are also some unchecked input when a user log in into his 
account and change his own personal data.
This could lead to a permanent xss hole much more dangerous than the above.

Prev by Date: Vulnerability in IBM access
Next by Date: RE: ClamAV Multiple Rem0te Buffer Overflows
Previous by thread: Vulnerability in IBM access
Next by thread: Internet Explorer AJAX Bug
Index(es):
- Date
- Thread