Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
- From: Rodrigo Branco <rbranco@xxxxxxxxxxxxxx>
- Date: Mon, 8 Nov 2010 06:53:16 -0800
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
Spree e-commerce JSON Hijacking Vulnerabilities
Spree e-commerce is an open source commerce platform written for the Ruby on Rails framework supporting "Over 100 extensions created by our active and dedicated community".
This problem was confirmed in the following versions of the Spree e-commerce, other versions maybe also affected.
All 0.11.x versions
The upcoming code 0.30.x versions
CVSS Scoring System
The CVSS score is: 2.7
Base Score: 3.3
Temporal Score: 2.7
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:N/A:N
Temporal score is: E:F/RL:OF/RC:C
There are multiple JSON Hijacking vulnerabilities and as result, an attacker can steal confidential information such as: product costs, price and quantities and users email, encrypted password, tokens, OpenID identifier, phone and address as well as orders count and values by period.
The affected pages are:
Proof of concept exploitation code is available to interested parties.
This vulnerability has been brought to our attention by Gabriel Quadros from Conviso IT Security company (http://www.conviso.com.br) and researched internally by Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT).
Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
- Prev by Date: some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)
- Next by Date: Seo Panel 2.1.0 - Critical File Disclosure
- Previous by thread: some ooold Juniper bugs (was: [Full-disclosure] ZDI-10-231: Juniper Secure Access Series meeting_testjava.cgi XSS Vulnerability)
- Next by thread: Seo Panel 2.1.0 - Critical File Disclosure