[UNIX] ECW Shop Cross-Site Scripting Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 12/18/03

  • Next message: SecuriTeam: "[UNIX] Cyrus IMSP Remote Root Vulnerability" 
    To: list@securiteam.com
Date: 18 Dec 2003 11:41:42 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      ECW Shop Cross-Site Scripting Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    This e-commerce PHP/MySQL script suffers from a cross-site scripting
    vulnerability (CSS/XSS). This can be exploited by including arbitrary HTML
    or script code in the variable "cat", which will cause it to be executed
    in a user's browser session when viewed.

    DETAILS

    Vulnerable systems:
     * ECW Shop version 5.5
     * ECW Shop version 5.01

    Exploit:
    By using the following URL,
    http://vulnerablecode/index.php?c=srch&cat=%3Cscript%3Ealert(document.domain);%3C/script%3E, it is possible to recreate the cross site scripting vulnerability on a remote host.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:iamroot@systemsecure.org>
    David S. Ferreira.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[UNIX] Cyrus IMSP Remote Root Vulnerability"

    Relevant Pages

    • [NT] Horde Multiple XSS
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... based on PHP and the Horde Framework." ... Horde is subject to a client side script injection vulnerability in the ...
      (Securiteam)
    • [UNIX] Mantis Bug Tracker Multiple Vulnerabilities
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... any HTML or script code can be injected. ... * Another XSS vulnerability can be found in the signup.php script (ex.: ... there is also a remote PHP code execution in the system. ...
      (Securiteam)
    • [NEWS] NetworkEverywhere Router Model NR041 Script Injection via DHCP
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Everywhere NR041 Cable/DSL 4-port router "connects multiple PCs to your ... malicious script code can be ... The code for such an HTML file is ...
      (Securiteam)
    • [NT] Snitz Forum 2000 Cross Site Scripting In User Registration Form
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A cross site scripting vulnerability has been found in the user ... When registering a new account the register.asp script fails to properly ... Vendor Status: ...
      (Securiteam)
    • [NEWS] PeopleSoft Grid Option Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Attached to this solution (download from PeopleSoft Solution ID: ... The script is for Microsoft SQL Server, if you are on a different Database ...
      (Securiteam)