Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: e-commerce, shopping carts :: hack1244.htm

Alan Ward Acart XSS Vulnerabilities
XSS Vulnerabilities in Alan Ward Acart

Vulnerability:	XSS Vulnerabilities in msg

Description:	XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages.  This can be used to run arbitrary code on the website, or redirect to some other malicious script.  These pages include:






Exploit:	A test script was used to prove this vulnerability <script>alert("test")</script>

Solution:	The developer needs to properly sanitize variables passed through the URL to remove possible malicious code.

Credit:	CyberArmy Application and Code Auditing Team


The developer was contacted about this matter but never gave any reply.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH