https://www.exploit-db.com/exploits/22588
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-096

Happycgi.comHappymall4.3和4.4版本normal_html.cgi存在跨站脚本攻击(XSS)漏洞。远程攻击者借助file参数插入任意web脚本。

source: http://www.securityfocus.com/bid/7557/info

IT has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI parameters. As a result, it may be possible for an attacker to execute arbitrary script code within the browser of a legitimate user visiting the site. 

http://www.target.com/shop/normal_html.cgi?file=<script>alert("XSS")</script>

来源:BUGTRAQ
名称:20030512OnemoreflawinHappymall
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105276130814262&w;=2
来源:XF
名称:happymall-normalhtml-xss(11988)
链接:http://xforce.iss.net/xforce/xfdb/11988
来源:BID
名称:7557
链接:http://www.securityfocus.com/bid/7557