CartWIZ error.asp message Variable XSS

2005-04-23T04:52:47
ID OSVDB:15778
Type osvdb
Reporter Diabolic Crab (dcrab@hackerscenter.com)
Modified 2005-04-23T04:52:47

Description

Vulnerability Description

CartWIZ contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'message' variable upon submission to the error.asp script. A specially crafted URL could therefore cause arbitrary script code to execute in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


Manual Testing Notes

http://[victim]/cartWiz/store/error.asp?message='"><script>alert(document.cookie)</script>
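
A detection sketch for the request pattern above, added here as an example and not part of the original advisory: it scans access-log lines for requests to error.asp whose decoded `message` parameter contains HTML markup characters. The simplified log format, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a reflected value break out of HTML text or a quoted attribute.
MARKUP = re.compile(r'[<>"]')

# Constructed sample lines in a simplified "ip method uri status" format (assumption).
SAMPLE_LOG = [
    "203.0.113.5 GET /cartWiz/store/error.asp?message=Item+out+of+stock 200",
    "203.0.113.9 GET /cartWiz/store/error.asp?message=%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E 200",
    "203.0.113.9 GET /cartWiz/store/ERROR.ASP?Message=%3Cb%3Ehi 200",
    "198.51.100.7 GET /cartWiz/store/default.asp?message=%3Cb%3E 200",
]


def decoded_messages(uri):
    """Return the URL-decoded 'message' values if the URI targets error.asp."""
    parts = urlsplit(uri)
    # IIS paths and classic ASP parameter names are case-insensitive.
    if not parts.path.lower().endswith("/error.asp"):
        return []
    values = []
    for name, vals in parse_qs(parts.query, keep_blank_values=True).items():
        if name.lower() == "message":
            values.extend(vals)
    return values


def suspicious_requests(lines):
    """Return (client_ip, decoded_value) pairs whose message value contains markup."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip it
        ip, uri = fields[0], fields[2]
        for value in decoded_messages(uri):
            if MARKUP.search(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

Log review of this kind complements, and does not replace, HTML-encoding the value where error.asp writes it into the page (classic ASP provides Server.HTMLEncode for that purpose).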

References:

Vendor URL: http://www.cartwiz.com/
Security Tracker: 1013792
Secunia Advisory ID: 15055
Related OSVDB ID: 15771
Related OSVDB ID: 15773
Related OSVDB ID: 15772
Related OSVDB ID: 15775
Related OSVDB ID: 15774
Related OSVDB ID: 15776
Related OSVDB ID: 15779
Related OSVDB ID: 15780
Related OSVDB ID: 15777
Other Advisory URL: http://www.digitalparadox.org/advisories/cartwiz.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0385.html