Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: e-commerce, shopping carts :: hack2582.htm

osCommerce Malformed Session ID XSS Vuln
osCommerce Malformed Session ID XSS Vuln

Vendor  : osCommerce

URL     : 

Version : All Current Versions

Risk    : Cross Site Scripting


osCommerce is an online shop e-commerce solution under on going 

development by the open source community. Its feature packed 

out-of-the-box installation allows store owners to setup, run, and 

maintain their online stores with minimum effort and with absolutely 

no costs or license fees involved.


osCommerce is vulnerable to a XSS flaw. The flaw can be exploited when

a malicious user passes a malformed session ID to URI. Below is an

example of the flaw.


This condition seems to affect only secure https connections, but was

convirmed by the developers to affect regular http connections in the

current CVS version of osCommerce.


This is the response from the developer.

To fix the issue, the $_sid parameter needs to be wrapped around 

tep_output_string() in the tep_href_link() function defined in 



if (isset($_sid)) {

$link .= $separator . $_sid;



if (isset($_sid)) {

$link .= $separator . tep_output_string($_sid);


osCommerce 2.2 Milestone 3 will redirect the user to the index page when 

a malformed session ID is used, so that a new session ID can be generated.


Credits go to JeiAr of the GulfTech Security Research Team. 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH