osCommerce admin/languages.php lID Variable XSS

2006-11-21T18:18:58
ID OSVDB:33216
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2006-11-21T18:18:58

Description

Vulnerability Description

osCommerce contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 'lID' variable upon submission to the 'languages.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/definitiva/admin/languages.php?page=1&lID=3">[XSS-CODE]&action=new
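A defender-side check for the request shape above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to admin/languages.php whose lID value is not a plain integer. The integer-only assumption (taken from lID=3 in the test URL), the combined log format, and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Nov/2006:18:20:01 +0000] '
    '"GET /admin/languages.php?page=1&lID=3&action=new HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Nov/2006:18:21:13 +0000] '
    '"GET /definitiva/admin/languages.php?page=1&lID=3%22%3E%5BXSS-CODE%5D&action=new HTTP/1.1" 200 5188',
    '192.0.2.10 - - [21/Nov/2006:18:22:40 +0000] '
    '"GET /admin/categories.php?cPath=1 HTTP/1.1" 200 7300',
]

# Client address, method and request target from one log line.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Match on the path suffix so installs under a sub-directory are covered too.
SCRIPT_SUFFIX = "/admin/languages.php"

# Assumption: a legitimate lID is a decimal language id, as in "lID=3".
VALID_LID = re.compile(r"[0-9]+")


def suspicious_lid_requests(lines):
    """Return (client, decoded lID) for languages.php requests whose lID
    is present, non-empty and not a plain decimal integer."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        url = urlsplit(m.group("target"))
        if not url.path.endswith(SCRIPT_SUFFIX):
            continue
        # parse_qs percent-decodes values, so encoded markup is seen in clear.
        for value in parse_qs(url.query).get("lID", []):
            if not VALID_LID.fullmatch(value):
                findings.append((m.group("client"), value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_lid_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric lID {value!r}")
```

The same integer-only rule can be enforced in front of the application (for example in a reverse proxy or WAF rule) while no vendor fix is available.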

References:

Vendor URL: http://www.oscommerce.com/
Security Tracker: 1017269
Secunia Advisory ID: 22275
Related OSVDB ID: 33214
Related OSVDB ID: 33217
Related OSVDB ID: 33218
Related OSVDB ID: 33212
Related OSVDB ID: 33213
Related OSVDB ID: 33215
Other Advisory URL: http://lostmon.blogspot.com/2006/11/oscommerce-multiple-xss-in-admin.html