Vulnerability - cpCommerce - XSS

2007.06.05
Credit: jadoba
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

cpcommerce is a FOSS php-based e-commerce (shopping cart) web application. Exploit: Javascript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotations in the string. When the admin goes to the clients view page, the javascript is executed as the rogue client's name appears. Gravity: The attacker can potentially fetch the admin's cookie or do a vast amount of other things. Complication: This is very trivial to reproduce. Anyone with experience coding javascript can presently take advantage of the admin account of any unpatched cpcommerce shopping cart. This is only one aspect of this cross-site scripting vulnerability. I still have yet to test other parts of my site which have user-inputted information such as product reviews and order forms. I tested this with 1.1.0 (the latest version) - the OS is debian etch running apache2, php5 and mysql5. I suspect that earlier versions of cpcommerce are most likely also vulnerable.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top