Bugtraq mailing list archives

Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

From: Philipp Hagemeister <phihag () phihag de>
Date: Tue, 23 Sep 2008 16:04:32 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

admin () majorsecurity de wrote:

(...)
1. Cross Site Scripting:
1.1 Input passed directly to the "keywords" parameter in "advanced_search_result.php" is not properly sanitised 
before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected 
site.

1.2 PoC:
/advanced_search_result.php?keywords=/>"<script>alert(15)</script>&x=1&y=1

I can't confirm this on xtCommerce 3.0.4. The keywords parameter is
handled frequently, but never printed (and escaped when integrated in
database queries). In which line did you find the vulnerability?

md5sum of my copy (Windows line ending):
89f73d92a197965f6ac2e7cacb091c44  shop/advanced_search_result.php

(..)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREKAAYFAkjY920ACgkQ9eq1gvr7CFwjAACfYCmdY2kL0gmc1ogZBI9iBIWn
IbwAn0w3CYfy7Xvq24zoL747AxBEMiXI
=p3rQ
-----END PGP SIGNATURE-----

Current thread:

[MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin (Sep 22)
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues Philipp Hagemeister (Sep 23)
- <Possible follow-ups>
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin (Sep 22)