lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Sep 2008 16:04:32 +0200 From: Philipp Hagemeister <phihag@...hag.de> To: admin@...orsecurity.de Cc: bugtraq@...urityfocus.com Subject: Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 admin@...orsecurity.de wrote: > (...) > 1. Cross Site Scripting: > 1.1 Input passed directly to the "keywords" parameter in "advanced_search_result.php" is not properly sanitised before being returned to the user. > This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. > > 1.2 PoC: > /advanced_search_result.php?keywords=/>"<script>alert(15)</script>&x=1&y=1 > I can't confirm this on xtCommerce 3.0.4. The keywords parameter is handled frequently, but never printed (and escaped when integrated in database queries). In which line did you find the vulnerability? md5sum of my copy (Windows line ending): 89f73d92a197965f6ac2e7cacb091c44 shop/advanced_search_result.php > (..) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEAREKAAYFAkjY920ACgkQ9eq1gvr7CFwjAACfYCmdY2kL0gmc1ogZBI9iBIWn IbwAn0w3CYfy7Xvq24zoL747AxBEMiXI =p3rQ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists