Full Disclosure mailing list archives
GMTT Music Distro 1.2 Vulnerable to XSS
From: <corrado.liotta () alice it>
Date: Tue, 22 May 2007 21:14:14 +0200
-=[--------------------ADVISORY-------------------]=-
GMTT Music Distro
Author: CorryL [corryl80 () gmail com]
-=[-----------------------------------------------]=-

-=[+] Application: GMTT Music Distro
-=[+] Version: 1.2
-=[+] Vendor's URL: http://www.gmtt.co.uk/_catalog/web_stores
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Cross-Site Scripting
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: http://corryl.altervista.org/
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

PHP Distro is designed to be an online record store, though you could use it to sell anything. The shop features: PayPal integration, Admin adds product, support for cheque / postal order payments and many more.

..::[ Proof Of Concept ]::..

http://remote-server/path/showown.php?st=XSS
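
Added example (not part of the original advisory or the vendor's code): a Python triage script that scans web server access logs for requests to showown.php whose st parameter carries HTML metacharacters, the request shape shown in the proof of concept above. The combined log format, the /shop/ install path, the function names and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to break out of text or an attribute into HTML.
# Triage heuristic: a legitimate value containing a quote will also match.
MARKUP_RE = re.compile(r'[<>"\']')

# Constructed sample lines; /shop/ is a hypothetical install path.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/May/2007:21:20:01 +0200] "GET /shop/showown.php?st=rock HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/May/2007:21:20:07 +0200] "GET /shop/showown.php?st=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5150',
    '203.0.113.9 - - [22/May/2007:21:20:09 +0200] "GET /shop/showown.php?st=%253Cb%253Etest HTTP/1.1" 200 5144',
    '203.0.113.7 - - [22/May/2007:21:21:30 +0200] "GET /shop/index.php?st=%3Cb%3E HTTP/1.1" 200 901',
]

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_st_requests(log_lines):
    """Return (line_no, decoded st value) for showown.php hits whose st carries markup."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/showown.php"):
            continue
        # parse_qs decodes once; decode_fully catches double-encoded values.
        for raw in parse_qs(url.query, keep_blank_values=True).get("st", []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((line_no, value))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_st_requests(SAMPLE_LOG):
        print(f"line {line_no}: st={value!r}")
```

Hits from this script are leads for review, since it only shows that markup was sent in st, not that the page reflected it unencoded.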