shopzone · Shop Zone Forum

Shopzone XSS
Message #91 of 113
Hi Steve and thanks for starting this group. I've recently become aware
that shopzone is susceptible to Cross Site Scripting. For example, try
this link:

http://www.kci2.com/st_main.html?Submit=abc123&catid="><script>alert(document.cookie)</script>

I've tried contacting automatedshops.com, however they seem to be in
some kind of transition, and not too keen on updating the webc code.
Does anyone have any ideas to filter the input/output to prevent this
possibility?

Wed Mar 29, 2006 11:57 pm

psrubin

... aware ... try ... Submit=abc123&catid="><script>alert ... in ... this ... Thanks for pointing that out. It doesn't look like anything that I'll try to fix!...
shopzoneforum
Apr 4, 2006
12:48 am

Just wanted to let everyone know that there is a way to block XSS scripting using mod_security. Just thought you might like to know! Paul R. ... example, ... ...
psrubin
Oct 30, 2007
11:38 pm
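
An added example, not part of the thread and not shopzone or webc code: it takes the query string from the link in the first message and shows the two filters the question asks about, an allowlist on the incoming `catid` and HTML encoding on output. The hidden-input markup and the allowed `catid` pattern are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Query string taken from the link in the first message of this thread.
QUERY = 'Submit=abc123&catid="><script>alert(document.cookie)</script>'

# Assumption: legitimate category ids are short alphanumeric tokens.
CATID_ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Assumption: the page writes catid into a double-quoted attribute,
# which is the context a leading "> would break out of.
TEMPLATE = '<input type="hidden" name="catid" value="{}">'


def get_catid(query):
    """Return the raw catid parameter ('' if absent)."""
    return parse_qs(query, keep_blank_values=True).get("catid", [""])[0]


def render_unsafe(catid):
    """Vulnerable pattern: the value is reflected verbatim."""
    return TEMPLATE.format(catid)


def render_escaped(catid):
    """Output filter: encode & < > " ' before writing into the attribute."""
    return TEMPLATE.format(html.escape(catid, quote=True))


def validate_catid(catid):
    """Input filter: return the id if it matches the allowlist, else None."""
    return catid if CATID_ALLOWED.fullmatch(catid) else None


if __name__ == "__main__":
    raw = get_catid(QUERY)
    print("unsafe :", render_unsafe(raw))
    print("escaped:", render_escaped(raw))
    print("valid  :", validate_catid(raw), validate_catid("abc123"))
```

Output encoding is the fix that holds regardless of what the input filter lets through; the allowlist, whether in the application or as a mod_security rule on the `catid` argument, rejects the request before it reaches the page.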