JShop Page.php xPage Variable XSS

2004-08-22T12:00:10
ID OSVDB:9082
Type osvdb
Reporter Dr`Ponidi(drponidi@hackermail.com)
Modified 2004-08-22T12:00:10

Description

Vulnerability Description

JShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "xPage" variable upon submission to the page.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

JShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "xPage" variable upon submission to the page.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/page.php?xPage=<SCRIPT>alert(document.cookie)</SCRIPT>

References:

Vendor URL: http://jshop.co.uk/ Security Tracker: 1011020 Secunia Advisory ID:12345 Other Advisory URL: http://www.securiteam.com/unixfocus/5NP0Q0KDPW.html Other Advisory URL: http://indohack.sourceforge.net/drponidi/jshop-vuln.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0297.html Keyword: Indohack CVE-2004-1738