GMTT Music Distro 1.2 XSS Exploit

2007-05-25T00:00:00
ID SECURITYVULNS:DOC:17078
Type securityvulns
Reporter Securityvulns
Modified 2007-05-25T00:00:00

Description

-=[--------------------ADVISORY-------------------]=-

              GMTT Music Distro

Author: CorryL [corryl80@gmail.com]
-=[-----------------------------------------------]=-

-=[+] Application: GMTT Music Distro
-=[+] Version: 1.2
-=[+] Vendor's URL: http://www.gmtt.co.uk/_catalog/web_stores
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Cross-Site Script
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: http://corryl.altervista.org/
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

PHP Distro is designed to be an online record store, though you could use it to sell anything. The shop features: PayPal integration, admin-added products, support for cheque / postal order payments and many more.

..::[ Proof Of Concept ]::..

http://remote-server/path/showown.php?st=XSS