Dogpatch Software CFWebstore 5.0 shopping cart software multiple security vulnerabilities
S-Quadra Advisory #2004-03-12
Topic: Dogpatch Software CFWebstore 5.0 shopping cart software multiple
security vulnerabilities
Severity: High
Vendor URL: http://www.cfwebstore.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040312.txt
Release date: 12 Mar 2004
1. DESCRIPTION
"CFWebstore® is a completely integrated shopping cart and ecommerce
solution
written in Cold Fusion. Customize the templates or utilize the built-in
store
settings to create your own custom store. CFWebstore can handle just about
anything you want to accomplish in putting your business on the web!" -
www.cfwebstore.com site says. Please visit www.cfwebstore.com site for more
information about this software.
2. DETAILS
-- Vulnerability 1: SQL Injection vulnerability
An SQL Injection vulnerability has been found in the index.cfm script.
User
supplied input parameters named 'category_id', 'product_id' and
'feature_id' is
not filtered before being used in a SQL query. Consequently, query
modification
using malformed input is possible.
Successful exploitation of this vulnerability can enable an attacker to
execute
commands in the system (via MS SQL xp_cmdshell function).
-- Vulnerability 2: Cross Site Scripting vulnerability in 'index.cfm'
By injecting specially crafted javascript code in URL and tricking a
user to visit
it a remote attacker can steal user session id and gain access to user's
personal data.
3. FIX INFORMATION
S-Quadra alerted CFWebstore development team on these issues on 04 Mar
2004.
Dogpatch Software response:
"The 5.0.1 version of CFWebstore has been released which addresses all the
security issues previously mentioned. We recoded the validation we were
using to
a more standard method and added additional validations for some areas
that had
not been mentioned, due to our use of the Fusebox methodology, which
allows a
user with knowledge of the application to tap into areas other than through
typical URL variables."
4. CREDITS
Nick Gudov, chief security researcher at S-Quadra <cipher@xxxxxxxxxxxx> has
detected above mentioned vulnerabilities.
5. ABOUT
S-Quadra dedicates its substantial knowledge and resources to managing
clients' IT security risks. S-Quadra audits and protection for software
and networks implement pioneering methods and ground-breaking
technologies.
S-Quadra Advisory #2004-03-12