CactuShop popuplargeimage.asp strImageTag Variable XSS

2004-03-31T00:00:00
ID OSVDB:4787
Type osvdb
Reporter Nick Gudov(cipher@s-quadra.com)
Modified 2004-03-31T00:00:00

Description

Vulnerability Description

CactuShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'strImageTag' parameter upon submission to the 'popuplargeimage.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 5.113 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

CactuShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'strImageTag' parameter upon submission to the 'popuplargeimage.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/popuplargeimage.asp?strImageTag=<script>alert(document.cookie)</script>

References:

Vendor URL: http://www.cactushop.com/ Security Tracker: 1009601 Secunia Advisory ID:11272 Related OSVDB ID: 4785 Related OSVDB ID: 4786 Other Advisory URL: http://www.s-quadra.com/advisories/Adv-20040331.txt