vendor:
Quick.Cart
by:
Paweł 'kl3ryk' �askarzewski
8.8
CVSS
HIGH
Directory Traversal, Cookie XSS, XSRF and LFI
22, 79, 352, 98
CWE
Product Name: Quick.Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Directory Traversal, Cookie XSS, XSRF and LFI Vulnerabilities in Quick.Cart
Directory Traversal vulnerability can be exploited by appending a malicious file path to the URL. Cookie XSS vulnerability can be exploited by changing the cookie “sLogin” and inserting XSS code. XSRF vulnerability can be exploited by submitting a malicious form to the server. LFI vulnerability can be exploited by passing malicious parameters to the script.
Mitigation:
Implement input validation, use secure cookies, use CSRF tokens, and use secure coding practices.