Absolute Shopping Cart Cross Site Scripting

2010-07-16T00:00:00
ID PACKETSTORM:91880
Type packetstorm
Reporter D4rk357
Modified 2010-07-16T00:00:00

Description

                                        
                                            `#################################################################  
# Exploit Title: Absolute shopping cart remote Persistent XSS vulnerability  
  
# Date: 15th july 2010  
  
# Author: D4rk357  
  
#Critical:meduim   
  
#contact:d4rk357[at]yahoo[dot]in  
  
# Software Link:http://www.absoluteshoppingcartdemo.co.uk/  
  
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant  
  
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and all ICW members  
  
##############################################################################  
  
Login as Admin into the website .  
  
GO to administration>products>Edit products or any other option .  
  
In heading or content type <marquee><h1>XSS3d By D4rk357</h1><marquee> .  
  
On the other hand a user using this CMS can upload a persistent XSS in this site while   
submitting a article using same method.   
  
##################################################################################  
#D4rk357  
`