ECW-Shop index.php cat Variable XSS

2003-12-18T07:09:17
ID OSVDB:3073
Type osvdb
Reporter OSVDB
Modified 2003-12-18T07:09:17

Description

Vulnerability Description

ECW-shop 5.5 contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate the "cat" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Edit the source code to validate user input

Short Description

ECW-shop 5.5 contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate the "cat" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[testing]/index.php?c=srch&cat=%3Cscript%3Ealert(document.domain);%3C/script%3E

References:

Vendor URL: http://soft4e.com/shop.html Security Tracker: 1008522 Secunia Advisory ID:10458 Mail List Post: http://www.derkeiler.com/Mailing-Lists/Securiteam/2003-12/0053.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0213.html ISS X-Force ID: 14032 CVE-2003-1231 Bugtraq ID: 9244