X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability

2012-07-22 / 2012-07-23

Credit: muts

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2012-2570

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

##########################
# Exploit Title: X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
# Date: Jul 21 2012
# Author: muts
# Version: X-Cart Gold 4.5
# Vendor URL: http://www.x-cart.com/
##########################
 
X-Cart Gold implements a degree of XSS filtering but it is incomplete.
The "symb" parameter of "products_map.php" is vulnerable to XSS and can be bypassed by using
HTML anchor methods and URL encoding.
 
Timeline:
 
29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
21 Jul 2012: Public Disclosure
 
PoC:
 
http://victim/xcart/products_map?symb=%22%20onmousemove=javascript:eval%28unescape%28%26quot%3balert%28%22xss%22%29%3B%26quot%3B%29%29%3EAAAAAA

References:

http://www.x-cart.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.