Lucene search
K

livecart-xss.txt

🗓️ 31 Dec 2007 00:00:00Reported by DoZType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

LiveCart PHP/MySQL shopping cart multiple XSS vulnerabilities. Attackers execute arbitrary script code in browser to steal authentication credentials. Risk: Medium. Vendor: livecart.com

Code
` [HSC] LiveCart Multiple Cross-Site Scripting Vulnerabilities  
  
  
  
LiveCart is a new PHP/MySQL powered shopping cart software developed by  
Integry Systems.  
An attacker may leverage this issue to have arbitrary script code execute in  
the browser  
of an unsuspecting user in the context of the affected site. This may help  
the attacker  
steal cookie-based authentication credentials and launch other attacks.  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
  
Risk: Medium  
Class: Input Validation Error  
Remote: YES  
  
Vendor: http://livecart.com  
Version: 1.0.1  
  
  
  
* Attackers can exploit these issues via a web client.  
  
  
Exploit Path:  
  
  
http://www.site.com/user/remindPassword?return=XSS  
  
http://www.site.com/category?id=1&q=XSS  
  
http://www.site.com/order?return=order/XSS  
  
http://www.site.com/user/remindComplete?email=XSS  
  
  
Reference: http://www.hackerscenter.com/archive/view.asp?id=28144  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation