XT:Commerces prior to 3.04 SP2.1 cross site scripting vulnerability

2010.11.22
Credit: Philipp Niedziela
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#---------------------------------------------------------------------------------- # Cross-Site-Scripting XT:Commerce < 3.04 SP2.1 #---------------------------------------------------------------------------------- # Affected Software .: XT:Commerce < 3.04 SP2.1 # Venedor ...........: http://www.xt-commerce.de # Class .............: XSS # Author ............: Philipp Niedziela # Original advisory .: http://pn-it.com/blog/wp-content/uploads/2010/11/ad01.txt # Contact ...........: pn[-at-]pn-it.com # Date ..............: 2010-11-11 # Tested on: ........: Ubuntu 10.04 / Apache XT:Commerce is prone to a (permanent) XSS. PoC: An attacker needs to create an account, inject javascript into field "street" (e.g. "><script>alert(document.cookie)</script>) and place an order. When the administrator opens the order in the backend of the shop, the javascript will be executed. By getting the cookie of the admin, the attacker gets the session-id and user-id. If binding session and ip is _not_ enabled, the attacker will be able to take over the admin-session. Solution: Enable binding session to IP in the backend of your shop


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top