# TITLE ....... # Information disclosure in Quick.Cart_v5.0 ............ #
# DATE ........ # 18.03.2012 .......................................... #
# AUTHOR ...... # http://hauntit.blogspot.com ......................... #
# SOFT LINK ... # http://opensolution.org/ .................... #
# VERSION ..... # ............................................... #
# TESTED ON ... # LAMP ................................................ #
# ..................................................................... #
# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...
#............................................#
# 1. What is this?

"Fast and simple shopping cart". You should try it! ;)

#............................................#
# 2. What is the type of vulnerability?

Set cookie to "http://somethi.ng" to see:

"Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /www/Quick.Cart_v5.0/index.php on line 17"

#............................................#
# 3. Where is bug :)

#............................................#
# 4. More...

- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net

#............................................#
# Best regards
#
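
Added example (not part of the original advisory and not Quick.Cart's own code): one way to keep the session_start() warning quoted in section 2, and the file path it contains, out of the HTTP response. It assumes the default cookie-based session handling, a session cookie path of "/", and that errors may be logged instead of displayed; sessionIdLooksValid() is a hypothetical helper name.

```php
<?php
// Added example: hardening sketch for a front controller such as index.php.
// Assumptions: cookie-based sessions, cookie path "/", server-side error log available.

// Keep PHP warnings (which include the full script path) out of the response
// body and write them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Accept session ids from cookies only, and only ids the server itself issued.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');

// Hypothetical helper: true when $id is a string made only of the characters
// the warning lists as valid (a-z, A-Z, 0-9, '-' and ',') and is not overlong.
function sessionIdLooksValid($id)
{
    return is_string($id)
        && preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $id) === 1;
}

$name = session_name(); // "PHPSESSID" unless reconfigured

if (isset($_COOKIE[$name]) && !sessionIdLooksValid($_COOKIE[$name])) {
    // Drop the malformed value so session_start() issues a fresh id
    // instead of raising the warning shown in the advisory.
    unset($_COOKIE[$name]);

    // Ask the browser to discard the bad cookie as well.
    setcookie($name, '', time() - 3600, '/');
}

session_start();
```

With display_errors off the path is no longer disclosed even if another warning fires; the cookie check removes this particular trigger.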