TUCoPS :: Web :: e-commerce, shopping carts :: tb13160.htm

Smart-Shop Shopping Cart Cross-Site Scripting Vulrnability
Smart-Shop Shopping Cart Cross-Site Scripting Vulrnability
Smart-Shop Shopping Cart Cross-Site Scripting Vulrnability


[HSC] Smart-Shop Shopping Cart Cross-Site Scripting Vulrnability=0D
=0D
=0D
=0D
SMART-SHOP shopping cart software is a all-in-one hosted e-commerce solution =0D
that creates and helps you maintain your online store fast, easy, and cost-effective. =0D
Many people using this software must be warned that there are holes in the application.=0D
An attacker may leverage this issue to have arbitrary script code=0D
execute in the browser of an unsuspecting user in the context of the affected site.=0D
This may help the attacker steal cookie-based authentication credentials and launch=0D
other attacks.=0D
=0D
Hackers Center Security Group (http://www.hackerscenter.com)=0D 
Credit: Doz=0D
=0D
=0D
Risk: Medium=0D
Class: Input Validation Error=0D
=0D
=0D
Vendor: http://www.smart-shop.com=0D 
Product: Smart-Shop=0D
=0D
=0D
* Attackers can exploit these issues via a web client.=0D
=0D
Remote links:=0D
=0D
/index.php?page=&email==0D
/index.php?page=home&command==0D
/index.php?page=home&component=currencies&command==0D
=0D
=0D
Cross-Site Scripting Example:=0D
=0D
/index.php?page=home&component=basket&command=%3Cscript%3Ealert(document.cookie);%3C/script%3E=0D
=0D
=0D
=0D
=0D
Only becoming a Ethical Hacker, you can stop a Hacker. Learn with out having=0D
to pay thousands!- http://kit.hackerscenter.com - The most comprehensive security=0D 
pack you will ever find on the net!=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH