[VIM] My Amazon Store Manager 1.0 - q or Keywords parameter?
Steven M. Christey
coley at mitre.org
Mon Jan 23 13:52:03 EST 2006
Lovely little provenance issue for us ignorant types.
Refs:
BID:16312
FRSIRT:ADV-2006-0252
SECUNIA:18535
OSVDB:22626
Issue:
These VDBs claim that the affected parameter is "q".
I can't figure out where the VDBs got this, since there is no original
raw report. OSVDB thankfully has an archive of the notification here:
MISC:http://osvdb.org/ref/22/22626-my_amazon.txt
but it contains this demonstration URL:
[hostname]musicstore/index.php?Operation=ItemSearch&Keywords="><script>alert(document.cookie)</script>&SearchIndex='
No "q" in sight.
What gives?
- Steve
======================================================
Name: CVE-2006-0334
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0334
Reference: MISC:http://osvdb.org/ref/22/22626-my_amazon.txt
Reference: BID:16312
Reference: URL:http://www.securityfocus.com/bid/16312
Reference: FRSIRT:ADV-2006-0252
Reference: URL:http://www.frsirt.com/english/advisories/2006/0252
Reference: OSVDB:22626
Reference: URL:http://www.osvdb.org/22626
Reference: SECUNIA:18535
Reference: URL:http://secunia.com/advisories/18535
Cross-site scripting (XSS) vulnerability in search.php in My Amazon
Store Manager 1.0 allows remote attackers to inject arbitrary web
script or HTML via the Keywords parameter. NOTE: some sources claim
that the affected parameter is "q", but the only public archive of the
original researcher notification shows an XSS manipulation in
"Keywords".