by r0t,der4444,cembo,VietMafia

Saturday, November 26, 2005

Amazon Shop 5.0.0 XSS vuln.

Vuln. discovered by: r0t
Date: 26 Nov. 2005
Vendor: http://www.ghostscripter.com/amazon_shop.php
Affected version: 5.0.0 and prior

Product description:

With Amazon Shop you can run your very own fully functional shop without dealing with stock, payments etc... just set up an Amazon Associate account, install the 'Amazon Shop' script using the easy installation file and you're ready to go! You can easily edit which categories and items are displayed on your site. You can offer any of the items that Amazon does and earn up to 15% in referral fees. Built-in shopping cart allows customers to add their product to the cart and leave your website only when ready to checkout at Amazon.com. All pages are easily modified via the built in WYSIWYG editor (i.e. 6+). Have multiple templates installed, instantly changeable through the admin panel. Optional Dynamic Title, Sort Box, Meta Keywords and Path bar. Custom Categories & Products. Automatic DB fill for Hot Deals & Featured Items. Supports US, UK, DE, JP, FR and CA. All languages in language files for easy change. Powerful Admin Panel. Optional mod_rewrite for search engine friendly urls.

Vuln. Description:

Input passed to the "query" parameter in "search.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Example:
/search.php?query=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&mode=all&imageField.x=21&imageField.y=4


Solution:
Edit the source code to ensure that input is properly sanitised.
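
One way to apply this fix, shown as an added example that is not the vendor's code: the advisory does not include the source of search.php, so the function names, markup and the 200-byte length limit below are assumptions. It contrasts echoing "query" unchanged with encoding it for each output context.

```php
<?php
// Added illustration: a hypothetical stand-in for search.php, not Amazon Shop's source.

// Vulnerable pattern: the request parameter is written into the page as-is.
function render_unsafe(array $get): string
{
    $query = $get['query'] ?? '';
    return '<h2>Results for: ' . $query . '</h2>';
}

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: normalise the input, then encode per output context.
function render_safe(array $get): string
{
    $query = $get['query'] ?? '';
    if (!is_string($query)) {        // query[]=x arrives as an array
        $query = '';
    }
    $query = substr($query, 0, 200); // assumed length limit

    return '<h2>Results for: ' . h($query) . '</h2>' . "\n"
         . '<input type="text" name="query" value="' . h($query) . '">' . "\n"
         // URL context needs URL encoding, not HTML entity encoding.
         . '<a href="/search.php?query=' . rawurlencode($query) . '&amp;mode=all">All</a>';
}

// Constructed input: the advisory's example parameters after URL decoding.
$get = ['query' => "<script>alert('r0t')</script>", 'mode' => 'all'];

echo render_unsafe($get), "\n\n"; // markup from the parameter is emitted unchanged
echo render_safe($get), "\n";     // the same value is emitted as inert text
```

Encoding at the point of output, rather than stripping characters on input, keeps the stored or forwarded search term intact while preventing it from being parsed as markup.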

Copyright (c) 2006 Pridels Sec Crew