[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HTB22814: XSS vulnerability in ViArt Shop

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: HTB22814: XSS vulnerability in ViArt Shop
From: advisory@xxxxxxxxxxx
Date: Tue, 8 Feb 2011 13:20:00 +0100 (CET)

Vulnerability ID: HTB22814
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_viart_shop.html
Product: ViArt Shop
Vendor: Viart Software ( http://www.viart.com/ ) 
Vulnerable Version: Enterprise v.4.0.5
Vendor Notification: 25 January 2011 
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed
Risk level: Medium 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing 
(http://www.htbridge.ch/) 

Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.

The vulnerability exists due to failure in the "/admin/admin_product.php" 
script to properly sanitize user-supplied input in "item_id" variable. 
Successful exploitation of this vulnerability could result in a compromise of 
the application, theft of cookie-based authentication credentials, disclosure 
or modification of sensitive data.

An attacker can use browser to exploit this vulnerability. The following PoC is 
available:

http://host/admin/admin_product.php?category_id=0&item_id=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Prev by Date: ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
Next by Date: HTB22815: XSS vulnerability in ViArt Shop
Previous by thread: ZDI-11-040: Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
Next by thread: HTB22815: XSS vulnerability in ViArt Shop
Index(es):
- Date
- Thread