TomatoCart 1.1.7 Cross Site Scripting

2012.08.30

Credit: hauntit

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

-------------------------------------------------------------
Name    : TomatoCart 1.1.7 XSS 
-------------------------------------------------------------
Date    : 29.08.2012
-------------------------------------------------------------
Site    : www.tomatocart.com
-------------------------------------------------------------
Version : 1.1.7
-------------------------------------------------------------

1) What is it?
  This is very nice shopping cart software, You should try it! ;)


2) Type of bug?
  XSS


3) Where is the bug?

Try here:
tomatocart/ext/securimage/example_form.ajax.php:39:
            new Ajax.Request('<?php echo $_SERVER['PHP_SELF'] ?>',


4) PoC
  http://host/with/tomato/ext/secureimage/example_from.ajax.php/"></script><whatever.now>


5) More?

http://hauntit.blogspot.com
http://www.portswigger.org  
http://www.tomatocart.com

References:

http://www.tomatocart.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

TomatoCart 1.1.7 Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.