Exploit Database - Logo

GeeCarts - search.php id Parameter Cross-Site Scripting

EDB-ID: 31544 Author: Ivan Sanchez Published: 2008-03-26
CVE: CVE-2008-1621 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/28470/info
 
GeeCarts is prone to multiple input-validation vulnerabilities, including remote file-include and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues may allow an attacker to compromise the application and the underlying system or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site; other attacks are also possible.
 
All versions of GeeCarts are reported vulnerable.

http://www.example.com/search.php?id=[XSS or RFI]

Related Exploits

Trying to match CVEs (1): CVE-2008-1621
Trying to match OSVDBs (1): 44189
Other Possible E-DB Search Terms: GeeCarts
Date D V Title Author
2008-03-26Download Exploit Code Verified GeeCarts - show.php id Parameter Cross-Site ScriptingIvan Sanchez
2008-03-26Download Exploit Code Verified GeeCarts - view.php id Parameter Cross-Site ScriptingIvan Sanchez
Menu