Bugtraq mailing list archives

XSS in Brazilian Insite products


From: Carlos Ulver <carlos.ulver () gmail com>
Date: Wed, 24 Nov 2004 19:58:36 -0300

Well, I have found some XSS in Insite products

Inmail -> As the name says a webmail 
Inshop -> Shopping Cart

The XSS problem found could steal user accounts without the need of a password.
I sent an e-mail a long time ago telling them about this, but I got no
answers and no correction was made, so...

The proof of concept is shown below.
It's important to emphasize that users must be logged on to view this
proof of concept.

But an attacker could also forge a malicious link and send it to the
victim (Inmail) or make a comment on a product (Inshop) that contains
malicious code using HTML and JavaScript.

Proof:
-----------------
Inmail:
http://target/mod_perl/inmail.pl?acao=<<h1>opss!</h1>
For the webmail we need to use two << at the beginning of the first
tag of the XSS. It looks like a filter for any tag.

Inshop:
http://hostalvo/mod_perl/inshop.pl?screen=<script>alert(document.cookie);</script>

Thanks and sorry for the bad English.

Carlos
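
An added example, not part of the original post and not Insite's code: it runs the two parameter values from the proof-of-concept URLs above through a single-pass tag filter and through HTML output encoding, and builds a session cookie that script cannot read. The filter `strip_tag_openers`, the helper names and the cookie name and value are assumptions made for illustration; how the real Inmail filter works is not known from the post.

```python
import html
import re
from http.cookies import SimpleCookie

# Parameter values taken from the two proof-of-concept URLs in the post.
POC_INMAIL = "<<h1>opss!</h1>"
POC_INSHOP = "<script>alert(document.cookie);</script>"

# Hypothetical stand-in for a tag filter (assumption, not the product's code):
# a single pass that deletes every "<" that begins a tag.
_TAG_OPENER = re.compile(r"<(?=[A-Za-z/!])")


def strip_tag_openers(value: str) -> str:
    """Denylist approach: remove characters that look dangerous."""
    return _TAG_OPENER.sub("", value)


def encode_for_html(value: str) -> str:
    """Output encoding: every metacharacter becomes an entity, nothing is removed."""
    return html.escape(value, quote=True)


def has_live_tag(fragment: str) -> bool:
    """True if the fragment still contains something a browser parses as a tag."""
    return _TAG_OPENER.search(fragment) is not None


def session_cookie_header(session_id: str) -> str:
    """Session cookie with HttpOnly, so document.cookie cannot return it."""
    cookie = SimpleCookie()
    cookie["session"] = session_id  # cookie name is an assumption
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    return cookie["session"].OutputString()


if __name__ == "__main__":
    for name, value in (("inmail", POC_INMAIL), ("inshop", POC_INSHOP)):
        filtered = strip_tag_openers(value)
        encoded = encode_for_html(value)
        print(name, "filtered:", filtered, "live tag:", has_live_tag(filtered))
        print(name, "encoded: ", encoded, "live tag:", has_live_tag(encoded))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

With this stand-in filter the doubled `<<` leaves an intact `<h1>` behind once the inner `<` is removed, while encoding renders both values as inert text.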

