CS-Cart 'index.php' Cross-Site Scripting Vulnerability

 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 27 March 2008 - 06:18 PM #1

Hi All,

Is anyone aware of this cross-site scripting vulnerability in versions other than 1.3.2?

http://www.securityfocus.com/bid/28333

CS-Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

CS-Cart 1.3.2 is vulnerable; other versions may also be affected.
Earl
Cs-Cart 1.3.5 sp2 | Linux VPS Hosting | MySql 5.0.27 | PHP 5.2.6

 
  • gpro
  • Senior Member
  • Members
  • Join Date: 24-Nov 07
  • 166 posts

Posted 27 March 2008 - 06:34 PM #2

I had this alert as well in HackerSafe. But I had Scott from the forums secure my webserver :)

 
  • MikeFold
  • Senior Member
  • Members
  • Join Date: 24-Nov 06
  • 1034 posts

Posted 27 March 2008 - 07:15 PM #3

A fix was posted for the 'search' vulnerability.
This appears to be the same, based on this reference:
http://www.securityf...rchive/1/489857
but I am not positive.

http://forum.cs-cart...28&postcount=11

 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 28 March 2008 - 08:18 AM #4

Hi Mike,
This appears to be a different one.
Here is the exploit explained:
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
http://www.securityf...d/28333/exploit
It includes a proof of concept. The other issue appears to be an SQL injection.
Earl

 
  • wwgreen
  • Senior Member
  • Members
  • Join Date: 20-Nov 06
  • 411 posts

Posted 28 March 2008 - 12:32 PM #5

Earl - Have you brought this to CS's attention? If so, response?

v4.9.3sp1


 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 30 March 2008 - 10:27 AM #6

Yes, it has been reported.
Earl

 
  • Earl
  • Member
  • Members
  • Join Date: 30-Oct 07
  • 44 posts

Posted 31 March 2008 - 07:22 PM #7

Mike,
You were correct, CS-Cart has confirmed it is the same issue.
http://forum.cs-cart...read.php?t=6896
Earl