osCommerce admin/languages.php page Variable XSS

2006-10-04T10:19:29
ID OSVDB:29799
Type osvdb
Reporter Lostmon Lords (Lostmon@gmail.com)
Modified 2006-10-04T10:19:29

Description

Vulnerability Description

osCommerce contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'page' variable when it is submitted to the admin/languages.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/catalog/admin/languages.php?page=1[XSS-code]
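
For detection, requests matching the pattern above can be found in web server access logs. The following is an added example, not part of the original advisory: it flags requests to admin scripts whose 'page' value is not a plain integer, and it covers any script under /admin/ rather than languages.php alone. The access-log format, the /admin/ path pattern, the assumption that 'page' is normally a small integer, and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request part of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: the admin tool is served under a path ending in /admin/<script>.php
ADMIN_SCRIPT_RE = re.compile(r'/admin/[\w.-]+\.php$')
# Assumption: a legitimate 'page' value is a short run of digits
VALID_PAGE_RE = re.compile(r'[0-9]{1,6}')


def suspicious_page_values(log_line):
    """Return decoded 'page' values of an admin request that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not ADMIN_SCRIPT_RE.search(target.path):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters
    values = parse_qs(target.query, keep_blank_values=True).get("page", [])
    return [v for v in values if not VALID_PAGE_RE.fullmatch(v)]


def scan(lines):
    """Yield (line_number, offending_values) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        bad = suspicious_page_values(line)
        if bad:
            yield number, bad


# Constructed sample log lines (not taken from the advisory)
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2006:10:01:00 +0000] "GET /catalog/admin/languages.php?page=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [04/Oct/2006:10:02:00 +0000] "GET /catalog/admin/languages.php?page=1%22%3E%3Cb%3Ex HTTP/1.1" 200 5190',
    '192.0.2.12 - - [04/Oct/2006:10:03:00 +0000] "GET /catalog/index.php?page=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [04/Oct/2006:10:04:00 +0000] "GET /catalog/admin/languages.php?page=2&page=%3Ci%3E HTTP/1.1" 200 5200',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric page value(s): {bad}")
```

The same digits-only rule can serve as an input check or web application firewall rule in front of the admin scripts while no vendor fix is available.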

References:

Vendor URL: http://www.oscommerce.com/
Security Tracker: 1016979
Secunia Advisory ID: 22275
Related OSVDB ID: 29800
Related OSVDB ID: 29801
Related OSVDB ID: 29803
Related OSVDB ID: 29804
Related OSVDB ID: 29805
Related OSVDB ID: 29808
Related OSVDB ID: 29810
Related OSVDB ID: 29795
Related OSVDB ID: 29797
Related OSVDB ID: 29811
Related OSVDB ID: 29796
Related OSVDB ID: 29806
Related OSVDB ID: 29807
Related OSVDB ID: 29798
Related OSVDB ID: 29802
Related OSVDB ID: 29809
Other Advisory URL: http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html
ISS X-Force ID: 29355
FrSIRT Advisory: ADV-2006-3917
CVE-2006-5190
Bugtraq ID: 20343