[Full-disclosure] ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities
From: Vympel (vympel.brgmail.com)
Date: Fri May 26 2006 - 18:43:57 CDT
Software: CosmicShoppingCart (www.cosmicphp.com)
Discovered by: Vympel (Marcelo Almeida)
Background: CosmicShoppingCart is a PHP / MySQL e-commerce system. It is a
fully customizable, shopping cart designed.
Multiple cross-site scripting and SQL injection vulnerabilities have been
found in CosmicShoppingCart.
1) Multiple cross-site scripting vulnerabilities have been found in the
2) SQL injections have been found; they could be exploited by users to
retrieve the passwords of the admin.
Vendor: First contact 16/02/2005
Contacted again on 25/03/2005
Publish advisory 25/05/2006