
Alan Ward Acart XSS vulnerabilities in register.asp

XSS vulnerabilities in register.asp in Alan Ward Acart



Vulnerability:	XSS vulnerabilities in register.asp



Description:	The registration form in register.asp does not properly sanitize user input. A malicious user can therefore place script in the form fields when registering. The script is stored in the database intact and, because the stored values are later written into pages without encoding, it is executed in the browser of whoever views that data (stored, or persistent, XSS).



Exploit:	The exploit was proven by placing the following test script into several of the form's fields; it was stored unchanged and executed when the data was displayed.

	<script>alert("test")</script>



Solution:	The developer needs to properly sanitize user input in the register.asp form and, more importantly, HTML-encode every stored value at the point where it is written into a page (in classic ASP, Server.HTMLEncode). Input validation alone is not sufficient, since data already in the database remains dangerous until output encoding is in place.
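The following is an added illustration, not code from Acart or from the advisory's authors. It models the data flow the Description and Solution refer to: a registration field is stored as submitted, then rendered either by raw concatenation (the vulnerable behaviour) or through an HTML entity encoder (the fix). The field names, the in-memory customer list and the table-row template are assumptions for the example; the payload is the one from the advisory.

```javascript
// Added example (not Acart's code): stored XSS via a registration form,
// and the output-encoding fix. Field names and storage are assumed.

// Payload quoted in the advisory.
const XSS_PAYLOAD = '<script>alert("test")</script>';

// Minimal HTML entity encoder for text and attribute context. Same intent
// as Server.HTMLEncode in classic ASP.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// In-memory stand-in for the customer table register.asp writes to.
// Records are stored exactly as submitted, as the advisory describes.
const customers = [];
function registerCustomer(fields) {
  const record = { id: customers.length + 1, ...fields };
  customers.push(record);
  return record;
}

// Vulnerable: stored values are concatenated straight into the HTML,
// so a stored <script> tag runs in the viewer's browser.
function renderCustomerVulnerable(record) {
  return `<tr><td>${record.name}</td><td>${record.address}</td></tr>`;
}

// Fixed: every untrusted value is entity-encoded at the point of output.
// The stored data is unchanged; only the rendering differs.
function renderCustomerFixed(record) {
  return `<tr><td>${htmlEncode(record.name)}</td>` +
         `<td>${htmlEncode(record.address)}</td></tr>`;
}

// Check used to confirm the fix: does the rendered HTML still contain a
// raw <script tag?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Register with the payload in several fields, then render both ways.
const rec = registerCustomer({ name: XSS_PAYLOAD, address: XSS_PAYLOAD });
const vulnerableHtml = renderCustomerVulnerable(rec);
const fixedHtml = renderCustomerFixed(rec);

console.log('vulnerable:', vulnerableHtml);
console.log('fixed:     ', fixedHtml);
```

Note that the fix leaves the database contents alone; records registered before the fix are still stored with script in them, which is why encoding must happen on every output path rather than only on the registration form.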



Credit:	CyberArmy Application and Code Auditing Team

	Parag0d



The developer was contacted regarding this matter, but never gave a reply.

Site design & layout copyright © 1986-2009 AOH