by r0t,der4444,cembo,VietMafia

Monday, April 10, 2006

ShopXS v4.0 XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 10 april 2006
vendor:MK Internet-Service GmbH
vendorlink:http://www.shopxs.de/
affected versions:ShopXS-Version 4.00 and previous
###############################################


Vuln. Description:

Input passed to the search module field parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
Greetings to: der4444,xaPridel,cembo,g0df4th3r,
waraxe,FrozenEye,str0ke,RaZbh,rst team,nst team,
Minsk,:[PsiHOdelik]:,damrai,UFoloG,verified team,
clanger,Hello_its_me,johnco,Txuri,The Cracker,
mag2000,fredrau,owen and to all X-ACCESS team!
###############################################
More information @ unsecured-systems.com/forum/

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew