Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

Bitweaver source code disclosure, arbitrary file upload

milliscripts (dir.php) Cross-Site Scripting Vulnerability

Instant Softwares DatingSite SQL Injection

[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise

From:	Hackers Center Security Group <DoZ_(at)_hackerscenter.com>
Date:	2 января 2008 г.
Subject:	LiveCart Multiple Cross-Site Scripting Vulnerabilities

[HSC] LiveCart Multiple Cross-Site Scripting Vulnerabilities



LiveCart is a new PHP/MySQL powered shopping cart software developed by
Integry Systems.
An attacker may leverage this issue to have arbitrary script code execute in
the browser
of an unsuspecting user in the context of the affected site. This may help
the attacker
steal cookie-based authentication credentials and launch other attacks.


Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz


Risk: Medium
Class: Input Validation Error
Remote: YES

Vendor: http://livecart.com
Version: 1.0.1



* Attackers can exploit these issues via a web client.


Exploit Path:


http://www.site.com/user/remindPassword?return=XSS

http://www.site.com/category?id=1&q=XSS

http://www.site.com/order?return=order/XSS

http://www.site.com/user/remindComplete?email=XSS


Reference: http://www.hackerscenter.com/archive/view.asp?id=28144