Home page logo

bugtraq logo Bugtraq mailing list archives

[HSC Security Group] XSS in CartWiz
From: zinho () hackerscenter com
Date: 26 Jul 2005 15:29:41 -0000

Hackers Center Security Group (http://www.hackerscenter.com/)          
Zinho's Security Advisory           

Desc: XSS in CartWIZ
Risk: Medium (Cookie stealing)


allows anyone to retrieve cookie and take control over the account.
I noticed there are also some unchecked input when a user log in into his account and change his own personal data.
This could lead to a permanent xss hole much more dangerous than the above.

  By Date           By Thread  

Current thread:
  • [HSC Security Group] XSS in CartWiz zinho (Jul 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]