[UNIX] ECW Shop Cross-Site Scripting Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 12/18/03
- Previous message: SecuriTeam: "[TOOL] FLoP - Fast Logging Project"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 18 Dec 2003 11:41:42 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
ECW Shop Cross-Site Scripting Vulnerability
------------------------------------------------------------------------
SUMMARY
This e-commerce PHP/MySQL script suffers from a cross-site scripting
vulnerability (CSS/XSS). This can be exploited by including arbitrary HTML
or script code in the variable "cat", which will cause it to be executed
in a user's browser session when viewed.
DETAILS
Vulnerable systems:
* ECW Shop version 5.5
* ECW Shop version 5.01
Exploit:
By using the following URL,
http://vulnerablecode/index.php?c=srch&cat=%3Cscript%3Ealert(document.domain);%3C/script%3E, it is possible to recreate the cross site scripting vulnerability on a remote host.
ADDITIONAL INFORMATION
The information has been provided by <mailto:iamroot@systemsecure.org>
David S. Ferreira.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[TOOL] FLoP - Fast Logging Project"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NT] Horde Multiple XSS
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... based on PHP and the Horde
Framework." ... Horde is subject to a client side script injection vulnerability
in the ... (Securiteam) - [UNIX] Mantis Bug Tracker Multiple Vulnerabilities
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... any HTML or script code
can be injected. ... * Another XSS vulnerability can be found in the signup.php script
(ex.: ... there is also a remote PHP code execution in the system. ... (Securiteam) - [NEWS] NetworkEverywhere Router Model NR041 Script Injection via DHCP
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Everywhere NR041 Cable/DSL 4-port
router "connects multiple PCs to your ... malicious script code can be ...
The code for such an HTML file is ... (Securiteam) - [NT] Snitz Forum 2000 Cross Site Scripting In User Registration Form
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... A cross site scripting vulnerability
has been found in the user ... When registering a new account the register.asp script fails
to properly ... Vendor Status: ... (Securiteam) - [NEWS] PeopleSoft Grid Option Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Attached to this solution (download
from PeopleSoft Solution ID: ... The script is for Microsoft SQL Server,
if you are on a different Database ... (Securiteam)
