CosmicShoppingCart search.php query Variable XSS

2006-05-25T09:04:19
ID OSVDB:26090
Type osvdb
Reporter Vympel (Marcelo Almeida)(vympel.br@gmail.com)
Modified 2006-05-25T09:04:19

Description

Vulnerability Description

CosmicShoppingCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'query' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

cosmicshop/search.php?query=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
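As an added illustration (not the vendor's code; the source of search.php is not part of this advisory), the reflected-output pattern the description implies, beside the standard PHP fix of HTML-encoding the parameter at the point of output. Function names are hypothetical and the sample input is constructed from the URL-decoded form of the test URL above.

```php
<?php
// Added illustration, not CosmicShoppingCart's actual search.php.
// It shows the class of defect described in the advisory (the 'query'
// parameter reflected into HTML unescaped) and the usual remediation:
// encode untrusted input for the HTML context it is written into.

// Assumed vulnerable pattern: the raw parameter is echoed into the page,
// so a value containing <script> becomes live markup in the victim's browser.
function render_search_header_vulnerable(string $query): string
{
    return '<h2>Search results for: ' . $query . '</h2>';
}

// Hardened pattern: htmlspecialchars() turns < > & " ' into entities, so the
// browser renders the value as text. ENT_QUOTES covers both quote styles
// (safe inside attributes as well), ENT_SUBSTITUTE avoids returning an empty
// string on malformed UTF-8, and the charset is stated explicitly.
function render_search_header_safe(string $query): string
{
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Search results for: ' . $encoded . '</h2>';
}

// Constructed input: the advisory's test payload after URL decoding.
// When run from the CLI there is no query string, so the fallback is used.
$query = $_GET['query'] ?? '<script>alert(document.cookie)</script>';

header('Content-Type: text/html; charset=UTF-8');
echo render_search_header_safe($query), "\n";

// Self-check a maintainer can keep in a test: the vulnerable renderer leaks
// the raw tag, the hardened one never emits a '<' from user input.
assert(strpos(render_search_header_vulnerable($query), '<script>') !== false);
assert(strpos(render_search_header_safe($query), '<script') === false);
```

The `Content-Type` header with an explicit charset matters too: without it, browser charset sniffing can undo encoding assumptions, so the fix is output encoding plus a declared charset, not input validation alone.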

References:

Vendor URL: http://www.cosmicphp.com/
Security Tracker: 1016164
Secunia Advisory ID: 20272
Related OSVDB ID: 26092
Related OSVDB ID: 26089
Related OSVDB ID: 26091
Related OSVDB ID: 26093
Other Advisory URL: http://www.zone-h.org/advisories/read/id=9058
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html
Keyword: ZH2006-20
ISS X-Force ID: 26681
FrSIRT Advisory: ADV-2006-1984
CVE ID: CVE-2006-2649