<<< Date Index >>>     <<< Thread Index >>>

Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

admin@xxxxxxxxxxxxxxxx wrote:
> (...)
> 1. Cross Site Scripting:
> 1.1 Input passed directly to the "keywords" parameter in 
> "advanced_search_result.php" is not properly sanitised before being returned 
> to the user.
> This can be exploited to execute arbitrary HTML and script code in a user's 
> browser session in context of an affected site.
> 
> 1.2 PoC:
> /advanced_search_result.php?keywords=/>"<script>alert(15)</script>&x=1&y=1
> 
I can't confirm this on xtCommerce 3.0.4. The keywords parameter is
handled frequently, but never printed (and escaped when integrated in
database queries). In which line did you find the vulnerability?

md5sum of my copy (Windows line ending):
89f73d92a197965f6ac2e7cacb091c44  shop/advanced_search_result.php

> (..)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREKAAYFAkjY920ACgkQ9eq1gvr7CFwjAACfYCmdY2kL0gmc1ogZBI9iBIWn
IbwAn0w3CYfy7Xvq24zoL747AxBEMiXI
=p3rQ
-----END PGP SIGNATURE-----