SoftMaker Shop is vulnerable to XSS

2006.02.03

Credit: Preben Nylokken

Risk: Low

Local: Yes

Remote: Yes

CVE: CVE-2006-0532

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Inputs in the SoftMaker Shop is not properly sanitized, and XSS is possible in a lot of the systems input fields and url parameters.
Some fields have been filtered in a basic form, so that simple scripting like "<script>alert('XSS')</script>" is not possible. However, since the filtering is not based on white listing you can conduct successful XSS attacks with code like "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>".
PoC: http://www.example.example/shop/handle/varer/sok/resultat.asp?strSok=%3C
IMG+SRC%3Djavascript%3Aalert%28%26quot%3BXSS%26quot%3B%29%3E&valg=varer
Vendors site:http://www.softmaker.no
Please credit to: Preben Nyl?kken

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SoftMaker Shop is vulnerable to XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.