Vulnerability: XSS Vulnerabilities in msg
Description: XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages. This can be used to run arbitrary code on the website, or redirect to some other malicious script. These pages include:
deliver.asp
error.asp
signin.asp
admin/error.asp
admin/index.asp
Exploit: A test script was used to prove this vulnerability
www.example.com/acart2_0/affected_page.asp?msg= <script>alert("test")</script>
Solution: The developer needs to properly sanitize variables passed through the URL to remove possible malicious code.
Credit: CyberArmy Application and Code Auditing Team
Parag0d
The developer was contacted about this matter but never gave any reply.
