Valdersoft Shopping Cart index.php lang Variable XSS

2005-03-27T22:15:05
ID OSVDB:15055
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-03-27T22:15:05

Description

Vulnerability Description

Valdersoft Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'lang' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 3.0 or higher, obtained from the vendor site on or after March 30, 2005, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

NOTE: The vendor has fixed the vulnerability without changing the version number.

Short Description

Valdersoft Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'lang' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/store/index.php?sid=CDFE279AC2AD08522DF1CF9B46475132&lang=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

References:

Vendor URL: http://www.valdersoft.com/valdersoft_shopping_cart.php Security Tracker: 1013565 Secunia Advisory ID:14719 Related OSVDB ID: 15051 Related OSVDB ID: 15052 Related OSVDB ID: 15053 Related OSVDB ID: 15054 Related OSVDB ID: 15056 Other Advisory URL: http://www.hackerscenter.com/Archive/view.asp?id=1780 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0470.html ISS X-Force ID: 19846 CVE-2005-0908