
List:       bugtraq
Subject:    [HSC Security Group] XSS in CartWiz
From:       zinho () hackerscenter ! com
Date:       2005-07-26 15:29:41
Message-ID: 20050726152941.24688.qmail () securityfocus ! com

Hackers Center Security Group (http://www.hackerscenter.com/)          
Zinho's Security Advisory           

Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)


store/viewCart.asp?message=%3Cplaintext%3E

allows anyone to retrieve the cookie and take control of the account.
I noticed there is also some unchecked input when a user logs in to his account and
changes his own personal data. This could lead to a permanent XSS hole much more
dangerous than the above.
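
A defensive check for the request pattern described above, added here as an example and not part of the original advisory: it scans IIS W3C-format log text for viewCart.asp requests whose message parameter decodes to markup, and shows the HTML-encoded form a page should emit instead of the raw value. The log lines, the field layout and all function names are constructed assumptions.

```python
import re
from html import escape
from urllib.parse import parse_qs, unquote

# Constructed sample log (not from the advisory); client IPs are documentation addresses.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-07-26 15:01:02 192.0.2.10 GET /store/viewCart.asp message=Item+added+to+cart 200
2005-07-26 15:03:40 192.0.2.44 GET /store/viewCart.asp message=%3Cplaintext%3E 200
2005-07-26 15:04:05 192.0.2.44 GET /store/viewCart.asp message=%253Cplaintext%253E 200
2005-07-26 15:05:11 192.0.2.77 GET /store/viewProduct.asp id=12 200
"""

MARKUP_RE = re.compile(r"[<>]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_markup_in_message(log_text):
    """Return (client IP, decoded message) for viewCart.asp hits carrying markup."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/viewcart.asp"):
            continue
        query = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for raw in query.get("message", []):
            decoded = fully_decode(raw)    # parse_qs has already decoded once
            if MARKUP_RE.search(decoded):
                hits.append((row.get("c-ip"), decoded))
    return hits

def encode_for_html(value):
    """HTML-encode a value before it is written into the page body."""
    return escape(value, quote=True)

if __name__ == "__main__":
    for client, msg in find_markup_in_message(SAMPLE_LOG):
        print(client, repr(msg), "->", encode_for_html(msg))
```
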

