Security and Penetration Testing Portal | CVE-2009-2587 (dragdropcart)

Login

Donate

Hosting, research and development cost money. Help us keep this portal alive.

Donate:

Monthly

Twitter Status

Photocopiers.... a Security Risk ? http://www.arcanesecurity.net/security-videos.html?task=videodirectlink&id=228
Escape the PDF : http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
Stop Pretenses! Secure your Company from Corporate Identity Theft http://ow.ly/1qtpPq
RT @ArcaneSecurity Security and Penetration Testing Portal | A Web Hacking Odyssey - Top Ten Hacks.. http://bit.ly/cQkFNM
RT @ArcaneSecurity Security and Penetration Testing Portal | Advance Web Hacking | ArcaneSecurity.n.. http://ow.ly/1qtflO
Follow On Twitter

available files

3G Security Overview
File Icon

GPRS Security Issues and Solutions
File Icon

The WebSite Attack Guide
File Icon

Ettercap Guide
File Icon

Nessus Manual

Headlines

Featured Videos

development by joommaster team.

CVE-2009-2587 (dragdropcart)

Written by Administrator

Friday, 24 July 2009 00:00

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
Read More