bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/20010.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

21 lines
No EOL
879 B
Text
Raw Blame History

######################################################################################
# Exploit Title: X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
# Date: Jul 21 2012
# Author: muts
# Version: X-Cart Gold 4.5
# Vendor URL: http://www.x-cart.com/
######################################################################################
X-Cart Gold implements a degree of XSS filtering but it is incomplete.
The "symb" parameter of "products_map.php" is vulnerable to XSS and can be bypassed by using
HTML anchor methods and URL encoding.
Timeline:
29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
21 Jul 2012: Public Disclosure
PoC:
http://victim/xcart/products_map?symb=%22%20onmousemove=javascript:eval%28unescape%28%26quot%3balert%28%22xss%22%29%3B%26quot%3B%29%29%3EAAAAAA
Reference in a new issue View git blame Copy permalink