CactuShop v5.1 Lite
Authors Site: http://www.cactushop.com/

+-[Examples:]--------------------------------------------------+

[1]------------------------------------------------------------+
XSS:
http://www.victim.com/cookies_check.asp?page=Default%252Easp&qs='>

+-[Notes:]-----------------------------------------------------+

The author made the following statement:

"Cactushop lite isn't intended for live web use (it's expressly prohibited by the license agreement). see

4. CACTUSHOP LITE IS SUPPLIED FOR THE PURPOSE OF ENABLING POTENTIAL PURCHASERS OF THE FULL VERSION OF CACTUSHOP TO EVALUATE THE SOFTWARE. CACTUSHOP LITE MAY NOT BE USED ON A LIVE WEB SITE WITHOUT THE EXPRESS WRITTEN PERMISSION OF CACTUSOFT. IF YOU WISH TO USE THE SOFTWARE ON A LIVE WEB SITE YOU MUST PURCHASE THE FULL VERSION.

We have had security issues with the full version of the software which have all been patched to our knowledge. You can try this test against the full version at http://www.cactushop.com/cs51 ... if you wish. Let me know if you find any security flaws with that version - this is the full one, intended for live web use so that would be something we'd issue fixes for."

Vulnerabilities found on: 18/08/2005
Author(s) Informed on: 18/08/2005
Author(s) Response: 18/08/2005
Author(s) Fix: NONE

JohnC@NoBytes.com
http://www.NoBytes.com