PDEstore pdestore.cgi Multiple Variable XSS

2005-12-14T18:05:24
ID OSVDB:21727
Type osvdb
Reporter r0t (krustevs@googlemail.com)
Modified 2005-12-14T18:05:24

Description

Vulnerability Description

PDEstore contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'product' and 'cart_id' variables upon submission to the 'pdestore.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


Manual Testing Notes

/pdestore.cgi?product=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

/pdestore.cgi?product=jewelry&cart_id=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
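
Added example, not part of the original advisory or of PDEstore: with no patch listed, one defensive check is to search web server logs for requests to pdestore.cgi whose 'product' or 'cart_id' value decodes to HTML metacharacters. The combined log format, the sample log lines and all function names below are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory names as reflected without validation.
WATCHED_PARAMS = {"product", "cart_id"}
# Characters that can close an HTML attribute or open a tag.
HTML_META = re.compile(r"""[<>"'`]""")
# Assumption: combined log format, request line enclosed in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed log lines, not real traffic
    '192.0.2.10 - - [14/Dec/2005:18:01:02 +0000] "GET /pdestore.cgi?product=jewelry&cart_id=12345 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Dec/2005:18:02:10 +0000] "GET /pdestore.cgi?product=%22%3E%3Cscript%3Ealert(\'r0t\')%3C/script%3E HTTP/1.1" 200 5203',
    '198.51.100.7 - - [14/Dec/2005:18:02:31 +0000] "GET /pdestore.cgi?product=jewelry&cart_id=%22%3E%3Cscript%3Ealert(\'r0t\')%3C/script%3E HTTP/1.1" 200 5240',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%253C) are still caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return {param: decoded value} for watched params carrying HTML metacharacters."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/pdestore.cgi"):
        return {}
    hits = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = decode_fully(value)
        if name.lower() in WATCHED_PARAMS and HTML_META.search(value):
            hits[name] = value
    return hits


def scan_log(lines):
    """Yield (line_number, hits) for every log line with a suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            yield number, hits
```

Legitimate values that contain an apostrophe will also be flagged, so review matches before acting on them.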

References:

Vendor URL: http://www.smart-choices.org/docs/pdestore.html
Secunia Advisory ID: 18042
Other Advisory URL: http://pridels.blogspot.com/2005/12/pdestore-xss-vuln.html
FrSIRT Advisory: ADV-2005-2912
CVE-2005-4285
Bugtraq ID: 15898