eDatCat XSS vuln.
Vuln. discovered by : r0t
Date: 15 dec. 2005
vendor: http://www.edatcat.com/
affected version: v3.0 and prior
Product Description:
eDatCat is a fully customizable database and shopping cart system. Features include: real-time UPS shipping, browser-based administration, retail & wholesale pricing, customer accounts, order tracking, powerful inventory controls, wish list, discount support, support for AuthorizeNet/CyberCash/VeriSign and others, completely customizable appearance, and more. eDatCat allows you to design your shopping cart around your site- not your site around your shopping cart. Create a fully tailored, seamless, and powerful e-commerce environment with eDatCat. A fully-functional 10-day trial available for download.
Vuln. Description:
eDatCat contains a flaw that allows a reflected cross-site scripting attack. The flaw exists because input passed to the "user_action" parameter of "EDCstore.pl" is not properly sanitised before being returned to the user.
This allows an attacker to craft a URL that, when opened by a victim, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
example:
/EDCstore.pl?user_action=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
(the URL-encoded value decodes to "><script>alert('r0t')</script>; the leading "> closes the attribute the value is echoed into)
Solution:
Edit the source code to ensure that the "user_action" value (and any other user-supplied input) is properly sanitised, i.e. HTML-encoded for the context it is written into, before it is echoed back into the page.
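The following is an added example, not code from eDatCat or from r0t: a small Perl script that decodes the advisory's payload the way a CGI would, then renders it with the vulnerable pattern (raw interpolation into markup) beside the hardened pattern (escape on output). It assumes, as the leading %22%3E in the payload suggests, that EDCstore.pl reflects the value inside a double-quoted attribute; the hidden-input markup and the helper names (url_decode, html_escape, render_vulnerable, render_fixed) are illustrative assumptions, not the product's real code.

```perl
#!/usr/bin/perl
# Added example (not eDatCat's code): reproduce the reflected XSS in the
# "user_action" parameter and show the output-encoding fix next to it.
use strict;
use warnings;

# Minimal percent-decoding of a query-string value, as a CGI library would do.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Escape the characters that can break out of an HTML text or attribute context.
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Vulnerable pattern (assumed markup): the raw parameter is interpolated
# straight into a double-quoted attribute, so "> closes it and injects a tag.
sub render_vulnerable {
    my ($user_action) = @_;
    return qq{<input type="hidden" name="user_action" value="$user_action">};
}

# Hardened pattern: encode on output, for the attribute context the value lands in.
sub render_fixed {
    my ($user_action) = @_;
    my $safe = html_escape($user_action);
    return qq{<input type="hidden" name="user_action" value="$safe">};
}

# The payload from the advisory, as it would arrive in QUERY_STRING (constructed input).
my $query = q{user_action=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E};
my ($name, $raw) = split /=/, $query, 2;
my $value = url_decode($raw);

print "decoded : $value\n";
print "vuln    : ", render_vulnerable($value), "\n";
print "fixed   : ", render_fixed($value), "\n";

# A quick self-check a tester can run against either rendering: the hardened
# output must not contain an unencoded "<script" anywhere.
sub contains_script_tag {
    my ($html) = @_;
    return $html =~ /<script/i ? 1 : 0;
}
print "vuln  has <script tag: ", contains_script_tag(render_vulnerable($value)), "\n";
print "fixed has <script tag: ", contains_script_tag(render_fixed($value)), "\n";
```

Run it with perl; the "vuln" line shows the injected script element sitting outside the closed attribute, while the "fixed" line keeps the whole payload inside the attribute as entity-encoded text. The same html_escape-on-output rule applies to every other parameter the script echoes, not only user_action.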
