Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70
Aug 15 2016 08:23AM
tal argoni (talargoni gmail com)
Security Advisory
Topic: Reflected Cross Site Scripting (XSS) Vulnerability in "successful registration" page
Class: Input Validation
Severity: Medium
Discovery: 2016-04-28
Vendor Notification: 2016-04-28
Vendor response: 2016-05-30
Vendor Patch: 2016-05-31
Public Announced: 2016-08-15
Credits: Tal Argoni, CEH from Triad Security [http://www.triadsec.com/]
Affects: nopCommerce, open-source & free e-commerce solution 3.70
Resolved: Version 3.8

I. Background
nopCommerce is an open-source e-commerce shopping cart web application
written in MVC.NET. After an anonymous user successfully registers with
the application, the application returns a successful registration page
with a "continue to the shop" button. The value of the redirection
parameter (returnurl) is supplied by the user and echoed to the browser
without output validation.

II. Problem Description
Reflected cross-site scripting vulnerabilities arise when data is
copied from a request and echoed into the application's immediate
response in an unsafe way. The injected code is not stored within the
application itself; it only impacts users who open a maliciously
crafted link or third-party web page. The attack string is included as
part of the crafted URI or HTTP parameters, improperly processed by the
application, and returned to the victim.
Exploit code/POC:

III. Impact
The attacker-supplied code can perform a wide variety of actions, such
as stealing the victim's session
token or login credentials, performing arbitrary actions on the
victim's behalf, and logging their

IV. Workaround
You can work around this problem by doing the following:
1. It is recommended to HTML-encode user input at any point where it is
copied into application
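
An added example, not code from the advisory or from nopCommerce, showing the workaround applied to a returnurl-style parameter in C#: the value is HTML-encoded before it is written into the "continue" link. It goes beyond the advisory's encoding advice by first restricting the value to site-relative paths; `ReturnUrlGuard` and its methods are hypothetical names, and the sample inputs are constructed.

```csharp
// Added example (not nopCommerce code): class and method names are hypothetical.
using System;
using System.Net;

public static class ReturnUrlGuard
{
    // Accept only site-relative paths such as "/cart"; anything else falls back to "/".
    public static string Sanitize(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl)) return "/";
        // Must start with a single "/" ("//" and "/\" are treated by browsers as off-site).
        bool local = returnUrl[0] == '/'
            && (returnUrl.Length == 1 || (returnUrl[1] != '/' && returnUrl[1] != '\\'));
        // Control characters (CR, LF, tab) have no place in a redirect target.
        foreach (char c in returnUrl)
            if (char.IsControl(c)) local = false;
        return local ? returnUrl : "/";
    }

    // Encode for the HTML attribute context before writing into the response.
    public static string RenderContinueLink(string returnUrl)
    {
        string safe = WebUtility.HtmlEncode(Sanitize(returnUrl));
        return "<a class=\"button\" href=\"" + safe + "\">Continue to the shop</a>";
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the advisory.
        string[] samples = {
            "/cart?step=2&lang=en",       // legitimate local path
            "/search?q=\"><b>x</b>",      // markup characters inside a local path
            "//other.example/landing",    // protocol-relative, leaves the site
            "https://other.example/",     // absolute URL
            null                          // parameter missing
        };
        foreach (string s in samples)
            Console.WriteLine(RenderContinueLink(s));
    }
}
```

In an ASP.NET MVC view, Razor's `@` expressions HTML-encode by default and `Url.IsLocalUrl` performs a comparable local-path check.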

V. Solution
Download vendor patch from http://www.nopcommerce.com .
Update to version 3.8

VI. References
