by r0t,der4444,cembo,VietMafia

Friday, December 23, 2005

AlstraSoft EPay Enterprise v3.0 XSS vuln.

AlstraSoft EPay Enterprise v3.0 XSS vuln.

Vuln. discovered by : r0t
Date: 23 dec. 2005
vendor:www.alstrasoft.com/epay_enterprise.htm
affected version:v3.0 and prior

Product Description:

EPay Enterprise (formally known as DoPays) has been acquired by AlstraSoft and added into our product line with the growing demand for online payment processing business similar to Paypal and Stormpay.com. The most advance and comprehensive version of our EPay series and in the market at the moment, our Enterprise edition not only allows you to start your own payment processor site EPay operators can also offer escrow services with our built in EZ-Escrow module which is great for auction or freelance websites.
EPay Enterprise is the ideal software solution for those who wish to run their own Paypal, Stormpay, or e-gold type of online business. Epay Enterprise comes with a ready out of the box website with all the features you need to run your own payment gateway system at a low price of only $300.


Vuln. Description:

EPay Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to paremters in many fields (see below) isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

/enterprise/members/profile.htm
/enterprise/members/card.htm
/enterprise/members/bank.htm
/enterprise/members/subscriptions.htm
/enterprise/members/send.htm
/enterprise/members/request.htm
/enterprise/members/forgot.htm
/enterprise/members/escrow.htm
/enterprise/members/donations.htm
/enterprise/members/products.htm

Solution:
Edit the source code to ensure that input is properly sanitised.

2 Comments:

Anonymous Anonymous told...

Dosware Team just placed a new topic in their forum, dopays.com about this security bug and it seems then fixes will be available soon...

5:10 PM

 
Anonymous Anonymous told...

New version (2.80) of Dosware Payment Gateway is available here http://www.dopays.com/

1:15 AM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew