<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.5">
<TITLE>GMTT Music Distro 1.2 Vulnerable to XSS</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>-=[--------------------ADVISORY-------------------]=-<BR>
<BR>
GMTT Music Distro <BR>
<BR>
Author: CorryL [corryl80@gmail.com] <BR>
-=[-----------------------------------------------]=-<BR>
<BR>
<BR>
-=[+] Application: GMTT Music Distro<BR>
-=[+] Version: 1.2<BR>
-=[+] Vendor's URL: <A HREF="http://www.gmtt.co.uk/_catalog/web_stores">http://www.gmtt.co.uk/_catalog/web_stores</A><BR>
-=[+] Platform: Windows\Linux\Unix<BR>
-=[+] Bug type: Cross-Site Scripting (XSS)<BR>
-=[+] Exploitation: Remote<BR>
-=[-]<BR>
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~<BR>
-=[+] Reference: <A HREF="http://corryl.altervista.org/">http://corryl.altervista.org/</A><BR>
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck <BR>
<BR>
<BR>
..::[ Description ]::..<BR>
<BR>
PHP Distro is designed to be an online record store,<BR>
though you could use it to sell anything. The shop features:<BR>
PayPal integration, admin adds products, support for cheque / postal order payments and many more.<BR>
<BR>
<BR>
..::[ Proof Of Concept ]::..<BR>
<BR>
<A HREF="http://remote-server/path/showown.php?st=XSS">http://remote-server/path/showown.php?st=XSS</A><BR>
</FONT>
</P>
</BODY>
</HTML>