Wednesday 28 March 2012

[EN] Quick.Cart_v5.0 Information disclosure

# TITLE ....... # Information disclosure in Quick.Cart_v5.0 
# DATE ........ # 18.03.2012 
# AUTHOR ...... # http://hauntit.blogspot.com 
# SOFT LINK ... # http://opensolution.org/ 
# VERSION ..... # 5.0
# TESTED ON ... # LAMP
# -----------------------------------------------------------------------  #

# 1. What is this?
# 2. What is the type of vulnerability?
# 3. Where is bug :)
# 4. More...

-----------------------------------------------------------
# 1. What is this?
"Fast and simple shopping cart". You should try it! ;)

# -----------------------------------------------------------  #
# 2. What is the type of vulnerability?
Set the session cookie to "http://somethi.ng" and the application answers with a PHP warning that discloses the full installation path:
"Warning: session_start(): The session id is too long or contains illegal characters,
valid characters are a-z, A-Z, 0-9 and '-,' in /www/Quick.Cart_v5.0/index.php on line 17 "
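
One way to close this on the server side, as an added example that is not Quick.Cart's own code: validate the session cookie against the character set named in the warning before session_start() runs, and keep PHP warnings out of the response. It assumes PHP 7.0 or later and the default "files" session handler; start_session_safely() and is_valid_session_id() are hypothetical helper names.

```php
<?php
// Added example, not Quick.Cart code. Assumes PHP >= 7.0 and the default
// "files" session handler, whose allowed characters the warning lists.

// Log PHP warnings instead of rendering them (and their paths) to visitors.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// True only for string IDs made of a-z, A-Z, 0-9, '-' and ','.
// 256 is the largest session.sid_length PHP accepts.
function is_valid_session_id($id): bool
{
    return is_string($id)
        && preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $id) === 1;
}

// Hypothetical helper: call it wherever the application calls session_start().
function start_session_safely(): bool
{
    $name = session_name(); // "PHPSESSID" unless the application renamed it

    if (isset($_COOKIE[$name]) && !is_valid_session_id($_COOKIE[$name])) {
        // Drop the malformed cookie value and pin a fresh server-generated ID,
        // so session_start() never processes the client-supplied string.
        unset($_COOKIE[$name]);
        session_id(bin2hex(random_bytes(16))); // 32 hex chars, always valid
    }

    return session_start();
}

start_session_safely();
```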

# ----------------------------------------------------------- #
# 3. Where is bug :)


# ----------------------------------------------------------- #
# 4. More...

- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net

# ----------------------------------------------------------- #
# Best regards
#

