lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <405194AE.5000803@s-quadra.com>
Date: Fri, 12 Mar 2004 13:45:02 +0300
From: S-Quadra Security Research <research@...uadra.com>
To: bugtraq <bugtraq@...urityfocus.com>,
   full-disclosure <full-disclosure@...ts.netsys.com>
Subject: Dogpatch Software CFWebstore 5.0 shopping cart software multiple
 security vulnerabilities


        S-Quadra Advisory #2004-03-12

Topic: Dogpatch Software CFWebstore 5.0 shopping cart software multiple 
security vulnerabilities
Severity: High
Vendor URL: http://www.cfwebstore.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040312.txt
Release date: 12 Mar 2004

 1. DESCRIPTION

 "CFWebstore® is a completely integrated shopping cart and ecommerce 
solution
written in Cold Fusion. Customize the templates or utilize the built-in 
store
settings to create your own custom store. CFWebstore can handle just about
anything you want to accomplish in putting your business on the web!" -
www.cfwebstore.com site says. Please visit www.cfwebstore.com site for more
information about this software.

 2. DETAILS

 -- Vulnerability 1: SQL Injection vulnerability

 An SQL Injection vulnerability has been found in the index.cfm script. 
User
supplied input parameters named 'category_id', 'product_id' and 
'feature_id' is
not filtered before being used in a SQL query. Consequently, query 
modification
using malformed input is possible.

 Successful exploitation of this vulnerability can enable an attacker to 
execute
commands in the system (via MS SQL xp_cmdshell function).

 -- Vulnerability 2: Cross Site Scripting vulnerability in 'index.cfm'

 By injecting specially crafted javascript code in URL and tricking a 
user to visit
it a remote attacker can steal user session id and gain access to user's 
personal data.

 3. FIX INFORMATION

 S-Quadra alerted CFWebstore development team on these issues on 04 Mar 
2004.
Dogpatch Software response:
 "The 5.0.1 version of CFWebstore has been released which addresses all the
security issues previously mentioned. We recoded the validation we were 
using to
a more standard method and added additional validations for some areas 
that had
not been mentioned, due to our use of the Fusebox methodology, which 
allows a
user with knowledge of the application to tap into areas other than through
typical URL variables."

 4. CREDITS

 Nick Gudov, chief security researcher at S-Quadra <cipher@...uadra.com> has
detected above mentioned vulnerabilities.

 5. ABOUT

 S-Quadra dedicates its substantial knowledge and resources to managing
clients' IT security risks. S-Quadra audits and protection for software
and networks implement pioneering methods and ground-breaking
technologies.

        S-Quadra Advisory #2004-03-12

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ