Squirrelcart 3.5.4 Cross Site Scripting

2013-02-20T00:00:00
ID PACKETSTORM:120402
Type packetstorm
Reporter LiquidWorm
Modified 2013-02-20T00:00:00

Description

                                        
                                            `  
Squirrelcart v3.5.4 (table) Remote Cross-Site Scripting Vulnerability  
  
  
Vendor: Lighthouse Development  
Product web page: http://www.squirrelcart.com  
Affected version: v2.0.0 - 3.5.4  
  
Summary: Squirrelcart PHP Shopping Cart software is a fully customizable,  
robust php shopping cart, designed with the advanced developer and web  
novice in mind.  
  
Desc: Squirrelcart suffers from a XSS issue due to a failure to properly  
sanitize user-supplied input to the 'table' GET parameter in the 'index.php'  
script. Attackers can exploit this weakness to execute arbitrary HTML and  
script code in a user's browser session.  
  
Tested on: Linux, Apache, PHP, MySQL  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience.mk  
  
  
Vendor status:  
  
[17.02.2013] Vulnerability discovered.  
[19.02.2013] Contact with the vendor.  
[19.02.2013] Vendor responds asking more details.  
[19.02.2013] Sent details to the vendor.  
[19.02.2013] Vendor confirms the vulnerability.  
[19.02.2013] Vendor releases version 3.5.5 to address this issue.  
[19.02.2013] Coordinated public security advisory released.  
  
  
Advisory ID: ZSL-2013-5128  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5128.php  
  
Vendor ID: SC130218  
Vendor URL: http://www.squirrelcart.com/downloads.php  
Vendor Patch: http://www.squirrelcart.com/index.php?downloads=1&id=123  
  
  
17.02.2013  
  
--  
  
  
http://192.168.16.101/index.php?show_record_links=1&table=Products"><script>alert(251);</script>&add_new_item=1  
`