Quick.Cart version 5.0 suffers from an information disclosure vulnerability.
# TITLE ....... # Information disclosure in Quick.Cart_v5.0 ............ #
# DATE ........ # 18.03.2012 .......................................... #
# AUTHOR ...... # http://hauntit.blogspot.com ......................... #
# SOFT LINK ... # http://opensolution.org/ ........................... #
# VERSION ..... # ............................................... #
# TESTED ON ... # LAMP ................................................ #
# ..................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is the bug :)
# 4. More...
#............................................#
# 1. What is this?
"Fast and simple shopping cart". You should try it! ;)
#............................................#
# 2. What is the type of vulnerability?
Information disclosure. Set the cookie to "http://somethi.ng" to see a PHP warning that reveals the installation path:
"Warning: session_start(): The session id is too long or contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /www/Quick.Cart_v5.0/index.php on line 17"
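
One way to keep this warning, and the path it reveals, out of the response is sketched below. This is an added example, not Quick.Cart code and not from the advisory's author; the helper names is_valid_session_id and safe_session_start, the 128-character limit and the use of PHP 7 or later are assumptions.

```php
<?php
// Added example (not Quick.Cart code): a guard to call instead of a bare
// session_start(). Helper names and the length limit are hypothetical.

// Keep PHP warnings out of HTTP responses; write them to the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * True when $id uses only the characters the warning lists as valid
 * (a-z, A-Z, 0-9, '-' and ',') and is at most 128 characters long.
 * The 128-character limit is an assumption of this example.
 */
function is_valid_session_id($id): bool
{
    return is_string($id)
        && preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $id) === 1;
}

/**
 * Start the session, replacing a malformed client-supplied id first so
 * session_start() never receives it and has nothing to warn about.
 */
function safe_session_start(): bool
{
    $name = session_name(); // default cookie name is PHPSESSID

    if (isset($_COOKIE[$name]) && !is_valid_session_id($_COOKIE[$name])) {
        // Drop the bad value and hand PHP a fresh random id instead.
        unset($_COOKIE[$name]);
        session_id(bin2hex(random_bytes(16))); // requires PHP >= 7.0
    }

    return session_start();
}

// Usage: call this where the application currently calls session_start().
safe_session_start();
```

Turning display_errors off removes the path from the response even for warnings this guard does not anticipate; the cookie check stops this particular warning from being raised at all.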
#............................................#
# 3. Where is the bug :)
#............................................#
# 4. More...
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
#............................................#
# Best regards
#