|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[HSC Security Group] XSS in CartWiz
zinho
hackerscenter.com
Date: Tue Jul 26 2005 - 10:29:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)
store/viewCart.asp?message=%3Cplaintext%3E
allows anyone to retrieve cookie and take control over the account.
I noticed there are also some unchecked input when a user log in into his account and change his own personal data.
This could lead to a permanent xss hole much more dangerous than the above.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]