CartWIZ login.asp Multiple Variable XSS

2005-04-23T04:52:47
ID OSVDB:15779
Type osvdb
Reporter Diabolic Crab(dcrab@hackerscenter.com)
Modified 2005-04-23T04:52:47

Description

Vulnerability Description

CartWIZ contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'redirect' or 'message' variables upon submission to the login.asp script. This could allow an attacker to create a specially crafted URL that, when followed, executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
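The defect described above is a classic reflected-XSS sink: request parameters are written back into the page without output encoding or validation. The following is an added illustration, not code from CartWIZ (which is classic ASP) or from the advisory's author; it is written in JavaScript so that the vulnerable rendering and its hardened form can be compared side by side. The parameter names 'message' and 'redirect' come from the advisory; the page layout (message in a text node, redirect in a hidden form field) and the allowlist of legitimate redirect targets are assumptions made for the example.

```javascript
// Added example (assumed page layout; not CartWIZ code).
// Entity-encode a value for an HTML text node or a quoted attribute value.
// '&' must be replaced first so that already-produced entities are not re-encoded.
function htmlEscape(value) {
  return String(value == null ? "" : value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only a same-site relative path for 'redirect'; anything else falls
// back to a fixed default. Leading "//" is rejected because browsers treat it
// as protocol-relative (a different host). The character allowlist is an
// assumption about what legitimate redirect targets look like in this app.
function validateRedirect(value, fallback = "/") {
  const s = String(value == null ? "" : value);
  return /^\/(?!\/)[A-Za-z0-9._~\/?=&%-]*$/.test(s) ? s : fallback;
}

// Vulnerable rendering: both parameters are concatenated verbatim, which is
// the behaviour the advisory describes. A value containing '">' closes the
// attribute and the tag, and whatever follows becomes live markup.
function renderLoginVulnerable(params) {
  return `<p class="notice">${params.message}</p>\n` +
         `<input type="hidden" name="redirect" value="${params.redirect}">`;
}

// Hardened rendering: the message is entity-encoded for its text-node
// context, and the redirect is first validated and then entity-encoded for
// its attribute context. Encoding alone fixes the XSS; validation keeps the
// field's value within what the application actually expects.
function renderLoginSafe(params) {
  const message = htmlEscape(params.message);
  const redirect = htmlEscape(validateRedirect(params.redirect));
  return `<p class="notice">${message}</p>\n` +
         `<input type="hidden" name="redirect" value="${redirect}">`;
}

// Simple response check a tester or a web-application firewall rule might
// apply: does a script tag appear in the rendered output?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input, mirroring the shape of the advisory's test URL.
const sample = {
  message: "Please login using the form above to access your account.",
  redirect: "'\"><script>alert(document.cookie)</script>",
};

console.log("vulnerable reflects script tag:",
            containsScriptTag(renderLoginVulnerable(sample)));   // true
console.log("hardened reflects script tag:",
            containsScriptTag(renderLoginSafe(sample)));         // false
console.log(renderLoginSafe(sample));
```

The two functions differ only in the encoding and validation step, which is exactly the control the advisory says is missing. In classic ASP the equivalent of `htmlEscape` is `Server.HTMLEncode`, applied at every point where a request value is written into the response.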

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/cartwiz/store/login.asp?message=Please+login+using+the+form+above+to+access+your+account.&redirect='"><script>alert(document.cookie)</script>

http://[victim]/cartwiz/store/login.asp?message='"><script>alert(document.cookie)</script>&redirect=

References:

Vendor URL: http://www.cartwiz.com/
Security Tracker: 1013792
Secunia Advisory ID: 15055
Related OSVDB IDs: 15771, 15772, 15773, 15774, 15775, 15776, 15777, 15778, 15780
Other Advisory URL: http://www.digitalparadox.org/advisories/cartwiz.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0385.html