Indonesia Security Development Team (Indohack)
http://indohack.sourceforge.net/drponidi
===========================================================================
Security Advisory
Advisory Name: JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks
Platform: Linux (Any), UNIX (Any), Windows (Any)
Release Date: 22/8/04
Author: Dr`Ponidi
Discovered by: Dr`Ponidi
Vendor Status: Notified
Vendor URL: http://jshop.co.uk/products_jss.php
Reference: http://indohack.sourceforge.net/drponidi
Contact Person: #dhegleng, #Indohack [at] dalnet
[Overview]
JShop is an e-commerce system designed for servers that support
both PHP and MySQL. Featuring a wealth of features for high-end e-commerce systems,
such as customer accounts, stock control and order processing, JShop is designed
for those companies wanting to offer a greater level of service to their online customers.
[Proof of Concept]
http://vulnerable/page.php?xPage=
