List: bugtraq
Subject: [HSC Security Group] XSS in CartWiz
From: zinho () hackerscenter ! com
Date: 2005-07-26 15:29:41
Message-ID: 20050726152941.24688.qmail () securityfocus ! com
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)
store/viewCart.asp?message=%3Cplaintext%3E
allows anyone to retrieve the cookie and take control of the account.
I noticed there is also some unchecked input when a user logs in to his account and changes his own personal data. This could lead to a permanent XSS hole much more dangerous than the above.
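
For defenders reviewing web server logs, here is an added example (not part of the original advisory) that flags requests to `viewCart.asp` whose `message` parameter decodes to markup characters, including double-encoded values. The log layout (client IP, method, URL), the sample lines and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Characters a plain status message should not contain; they allow markup injection.
MARKUP = re.compile(r"[<>\"]")
TARGET_PATH = "/store/viewcart.asp"   # path from the advisory, compared case-insensitively
PARAM = "message"                     # parameter from the advisory

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %253C -> %3C -> <), bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_message(url):
    """Return the decoded 'message' value if it contains markup characters, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(TARGET_PATH):
        return None
    # parse_qs decodes once; parameter names are matched case-insensitively.
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() != PARAM:
            continue
        for v in values:
            decoded = fully_decode(v)
            if MARKUP.search(decoded):
                return decoded
    return None

def scan(log_lines):
    """Return (client_ip, decoded_value) pairs for lines laid out as: ip method url."""
    hits = []
    for line in log_lines:
        fields = line.split()
        value = suspicious_message(fields[2]) if len(fields) >= 3 else None
        if value is not None:
            hits.append((fields[0], value))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "192.0.2.10 GET /store/viewCart.asp?message=Item+added+to+cart",
    "192.0.2.44 GET /store/viewCart.asp?message=%3Cplaintext%3E",
    "192.0.2.45 GET /store/ViewCart.asp?Message=%253Cplaintext%253E",
    "192.0.2.46 GET /store/products.asp?message=%3Cb%3E",
]
```

Calling `scan(SAMPLE_LOG)` reports the second and third lines only; the benign message and the unrelated page are ignored.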