ProductCart techErr.asp error Variable XSS

2005-04-04T09:38:47
ID OSVDB:15268
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-04-04T09:38:47

Description

Vulnerability Description

ProductCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'error' variable upon submission to the techErr.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ProductCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'error' variable upon submission to the techErr.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/productcart/pc/techErr.asp?error=<script>alert(document.cookie)</script>
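The advisory describes the root cause (the 'error' value is echoed into the page unencoded) and gives one probe URL, but no fix. The following is an added example, written for this page and not ProductCart's own ASP code nor a vendor patch: in Python it contrasts the unsafe echo with an output-encoded version of the same error page fragment, and runs a small detector over constructed IIS W3C-style log lines to flag requests where the reflected 'error' parameter of techErr.asp carries active HTML content. The log lines, the function names and the regular expression are all assumptions made for the example.

```python
import html
import re
from typing import Optional
from urllib.parse import parse_qs

# Constructed IIS W3C-style log lines (not taken from the advisory).
# Fields: date time cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2005-04-04 09:38:47 GET /productcart/pc/techErr.asp error=Item%20not%20found 200
2005-04-04 09:38:52 GET /productcart/pc/techErr.asp error=%3Cscript%3Ealert(document.cookie)%3C/script%3E 200
2005-04-04 09:39:01 GET /productcart/pc/viewCat.asp idCategory=12 200
2005-04-04 09:39:10 GET /productcart/pc/techErr.asp error=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E 200
"""

# Markers that show the decoded 'error' value contains active content:
# a <script> tag (open or close), an element with an on* event handler,
# or a javascript: URL scheme.
ACTIVE_CONTENT = re.compile(
    r"<\s*/?\s*script|<\s*\w+[^>]*\bon\w+\s*=|javascript:",
    re.IGNORECASE,
)


def render_unsafe(error_value: str) -> str:
    """The behaviour the advisory describes: the value is echoed verbatim."""
    return f"<p>Error: {error_value}</p>"


def render_safe(error_value: str) -> str:
    """Hardened form: HTML-encode the value before it reaches the page body.
    In classic ASP the equivalent is Server.HTMLEncode(Request.QueryString("error"))."""
    return f"<p>Error: {html.escape(error_value, quote=True)}</p>"


def error_param(query: str) -> Optional[str]:
    """Return the percent-decoded 'error' value from a query string, if present."""
    params = parse_qs(query, keep_blank_values=True)
    values = params.get("error")
    return values[0] if values else None


def flag_techerr_probes(log_text: str) -> list:
    """Flag techErr.asp requests whose 'error' parameter carries active HTML."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split(" ")
        if len(fields) < 6:
            continue
        date, time, _method, stem, query, _status = fields[:6]
        if not stem.lower().endswith("/techerr.asp"):
            continue
        value = error_param(query)
        if value is None:
            continue
        if ACTIVE_CONTENT.search(value):
            findings.append({"time": f"{date} {time}", "stem": stem, "error": value})
    return findings


if __name__ == "__main__":
    for hit in flag_techerr_probes(SAMPLE_LOG):
        print(hit["time"], hit["stem"], repr(hit["error"]))
    print(render_safe("<script>alert(document.cookie)</script>"))
```

The detector decodes the parameter before matching, because the probe in the advisory arrives percent-encoded in the log; matching on the raw query would miss trivial encoding variants. Encoding on output (`render_safe`) is the control that removes the flaw regardless of what the parameter contains, whereas the detector only surfaces attempts after the fact.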

References:

Vendor URL: http://www.earlyimpact.com
Secunia Advisory ID: 14833
Related OSVDB ID: 15263
Related OSVDB ID: 15264
Related OSVDB ID: 15265
Related OSVDB ID: 15266
Related OSVDB ID: 15267
Other Advisory URL: http://digitalparadox.org/advisories/prodcart.txt