lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 23 Sep 2008 16:04:32 +0200
From: Philipp Hagemeister <phihag@...hag.de>
To: admin@...orsecurity.de
Cc: bugtraq@...urityfocus.com
Subject: Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting
 and Session Fixation Issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

admin@...orsecurity.de wrote:
> (...)
> 1. Cross Site Scripting:
> 1.1 Input passed directly to the "keywords" parameter in "advanced_search_result.php" is not properly sanitised before being returned to the user.
> This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
> 
> 1.2 PoC:
> /advanced_search_result.php?keywords=/>"<script>alert(15)</script>&x=1&y=1
> 
I can't confirm this on xtCommerce 3.0.4. The keywords parameter is
handled frequently, but never printed (and escaped when integrated in
database queries). In which line did you find the vulnerability?

md5sum of my copy (Windows line ending):
89f73d92a197965f6ac2e7cacb091c44  shop/advanced_search_result.php

> (..)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREKAAYFAkjY920ACgkQ9eq1gvr7CFwjAACfYCmdY2kL0gmc1ogZBI9iBIWn
IbwAn0w3CYfy7Xvq24zoL747AxBEMiXI
=p3rQ
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists