clickandbuild.txt

clickandbuild.txt: Posted Nov 20, 2004; Authored by Andrew Smith; The Click and Build online eCommerce platform suffers from cross site scripting flaws.; tags | advisory, xss; SHA-256 | 6c6ea864e68c41963fd5902ca74a270ebcd833579e2044b24db470808208e7cc; Download | Favorite | View

clickandbuild.txt

ClickandBuild: http://apply.clickandbuild.com/
Online eCommerce platform.

Vulnerability
The vulnerability lies in the "listPos" variable in the script running
at cashncarrion.co.uk.
It does not properly secure user inputted variables, presumably as the
user is not supposed to input the variable but can do easily through
the URL.
I was not able to find any other unchecked variables that are printed,
but there could be more.

More information and examples can be found here:
http://www.wheresthebeef.co.uk/XSS/clicknbuild.html
and here:
http://www.wheresthebeef.co.uk/XSS/cash.n.carrion.co.uk.html

The vendor has been informed and claim to have fixed this problem.
-- 
zxy_rbt2

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

clickandbuild.txt

clickandbuild.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

clickandbuild.txt

Share This

clickandbuild.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems