| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201003300613.o2U6DSie004530@www3.securityfocus.com> Date: Tue, 30 Mar 2010 00:13:28 -0600 From: michael.mueller@...egralis.com To: bugtraq@...urityfocus.com Subject: OXID eShop Enterprise: Session Fixation and XSS Vulnerabilities --------------------------------------------- OXID eShop Enterprise Edition - Session Fixation Vulnerability - Stored Cross Site Scripting Vulnerability Date: 30.03.2010 --------------------------------------------- - Description OXID eShop EE is a widespread and popular CMS for online shops. The current release (4.2.0) has been found vulnerable to a session fixation and a XSS attack. - Session Fixation Passing the parameter sid via URL allows an attacker fixate the session ID to a given value. By fooling legitimate users to follow the attacker provided URL with the fixated session ID, the attacker would be able to overtake the users session. Example: http://vulnerable.system.com/index.php?sid=12345 - XSS A stored XSS vulnerability exists in the recommendation list (account_recommlist.php) in the fields recomm_title, recomm_author and recomm_desc. No further example will be given. - Solution Update to version 4.3.0 - Credits The vulnerabilities were discovered by Michael Mueller from Integralis michael#dot#mueller#at#integralis#dot#com - Timeline 23.03.2010 - Vulnerabilities discovered 23.03.2010 - Vendor contacted 23.03.2010 - Initial vendor response 25.03.2010 - Vendor response with ACK and fix date 30.03.2010 - Public disclosure - Reference Vendor Security Information http://wiki.oxidforge.org/Category:Security_bulletins Vendor Homepage http://www.oxid-esales.com/
Powered by blists - more mailing lists