full-disclosure-uk May 2007 archive

[Full-disclosure] GMTT Music Distro 1.2 Vulnerable to XSS

From: <corrado.liotta_at_nospam>
Date: Tue May 22 2007 - 19:14:14 GMT
To: <full-disclosure@lists.grok.org.uk>

-=[--------------------ADVISORY-------------------]=-
                 GMTT Music Distro
  Author: CorryL [corryl80@gmail.com]
-=[-----------------------------------------------]=-
-=[+] Application: GMTT Music Distro
-=[+] Version: 1.2
-=[+] Vendor's URL: http://www.gmtt.co.uk/_catalog/web_stores
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Cross-Site Script
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: http://corryl.altervista.org/
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck
..::[ Description ]::..

PHP Distro is designed to be an online record store, though you could use it to sell anything. The shop features: PayPal integration, Admin adds product, support for cheque / postal order payments and many more.

..::[ Proof Of Concept ]::..

http://remote-server/path/showown.php?st=XSS



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/