Bug: GMTT Music Distro 1.2 XSS Exploit ( Ascii Version )


GMTT Music Distro 1.2 XSS Exploit

Published: 2007.06.01
Credit: CorryL
Risk: Low
CWE: CWE-79
CVE: CVE-2007-2916
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-=[--------------------ADVISORY-------------------]=-

GMTT Music Distro

Author: CorryL [corryl80 (at) gmail (dot) com]
-=[-----------------------------------------------]=-

-=[+] Application: GMTT Music Distro
-=[+] Version: 1.2
-=[+] Vendor's URL: http://www.gmtt.co.uk/_catalog/web_stores
-=[+] Platform: Windows, Linux, Unix
-=[+] Bug type: Cross-Site Scripting
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: http://corryl.altervista.org/
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

PHP Distro is designed to be an online record store,
though you could use it to sell anything. The shop features:
PayPal integration, products added by the admin, support for cheque / postal order payments, and many more.

..::[ Proof Of Concept ]::..

http://remote-server/path/showown.php?st=XSS
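
For defenders, the following added example (not part of the original advisory) scans web access logs for requests to showown.php whose st parameter carries HTML markup once percent-decoding is undone, including double encoding. The combined-style log format, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-style access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate st values never contain HTML metacharacters or script URLs.
MARKUP_RE = re.compile(r'[<>"]|javascript:', re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_st_requests(log_lines):
    """Return (line_number, decoded_st) for showown.php requests whose st carries markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/showown.php"):
            continue
        # parse_qs decodes once; decode_fully removes any further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("st", []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2007:10:00:00 +0000] "GET /shop/showown.php?st=10 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jun/2007:10:00:05 +0000] "GET /shop/showown.php?st=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5180',
    '192.0.2.12 - - [01/Jun/2007:10:00:09 +0000] "GET /shop/showown.php?st=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5150',
    '192.0.2.13 - - [01/Jun/2007:10:00:12 +0000] "GET /shop/index.php?st=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_st_requests(SAMPLE_LOG):
        print(f"line {number}: st={value!r}")
```

Hits in the log show attempted use of the parameter; the fix itself belongs in the application, which must HTML-encode st before writing it into the page.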

Copyright 2014, cxsecurity.com