https://www.exploit-db.com/exploits/21184
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-110

Agora.cgi是一个免费，开放源码的网上售货系统。Agora.cgi存在跨站脚本执行漏洞，可以使攻击者通过窃取Cookie等手段获得敏感信息。攻击者可以在运行了Agora.cgi的Web页面上放置包含了任意脚本代码的链接，用户如果点击了该链接，则脚本就会在用户Web浏览器环境下执行。攻击者可能借此收集到用户当前的Cookie，这些Cookie中可能包含有敏感信息。已经证实3.3e版的软件是有此问题的，其它以下的低版本可能也有此问题。

source: http://www.securityfocus.com/bid/3702/info

Agora.cgi is a freely available, open source shopping cart system.

When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be explicitly turned on by an administrator.

As a result, it is possible for an attacker to construct a link to the script that includes maliciously constructed script code. When the link is clicked by a web user, the script code will be executed by the client in the context of the site running Agora.cgi.

This issue may be exploited to by an attacker to steal cookie-based authentication credentials, permitting the attacker to hijack an Agora.cgi session and perform actions as a legitimate user. A number of other cross-site scripting attacks are also possible.

http://agorasite/store/agora.cgi?cart_id=<script>alert(document.cookie)</script>&xm=on&product=HTML

来源:BID
名称:3702
链接:http://www.securityfocus.com/bid/3702
来源:BUGTRAQ
名称:20011217Agoracgiv3.3eCrossSiteScriptingVulnerability
链接:http://www.securityfocus.com/archive/1/246044
来源:XF
名称:agora-cgi-css(7708)
链接:http://www.iss.net/security_center/static/7708.php
来源:www.agoracgi.com
链接:http://www.agoracgi.com/security.html
来源:OSVDB
名称:698
链接:http://www.osvdb.org/698