xt:Commerce possible DoS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: xt:Commerce possible DoS
From: decoder-bugtraq@xxxxxxxxxxxx
Date: 23 May 2008 15:56:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello,

I've found a suspicious behavior of the xt:Commerce shop software (only 
verified in their demo shop).

When entering "<>>" as a search query in the Quick Purchase field at the left 
side of the shop, I get:

Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 
8388611 bytes) in 
/is/htdocs/wp1052946_X4Y7B4PF21/www/includes/classes/class.inputfilter.php on 
line 136

This looks very much like a problem in the input filter that causes too much 
memory to be allocated (and that could of course be used for DoS)

Unfortunately, the source code is not available freely, so I cannot investigate 
this further. If anyone has the source code available, feel free to check out 
the specific region in the input filter.

I informed the company but they closed my ticket without any response, and even 
after I reopened it, there hasn't been any feedback for almost 2 weeks now.


Best regards,


Christian Holler

Prev by Date: rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
Next by Date: [ MDVSA-2008:106 ] - Updated gnutls packages fix denial of service vulnerabilities
Previous by thread: rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
Next by thread: Re: xt:Commerce possible DoS
Index(es):
- Date
- Thread