A-CART register.asp XSS

2003-12-04T08:28:28
ID OSVDB:2907
Type osvdb
Reporter parag0d (parag0d@phreaker.net)
Modified 2003-12-04T08:28:28

Description

Vulnerability Description

Alan Ward A-CART contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate input variables upon submission to the register.asp script. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.alanward.net/acart/
Secunia Advisory ID: 10375
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0050.html