CactuSoft CactuShop Cross-Site Scripting Vulnerability
BID:10020
Info
CactuSoft CactuShop Cross-Site Scripting Vulnerability
| Bugtraq ID: | 10020 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2004 12:00AM |
| Updated: | Mar 31 2004 12:00AM |
| Credit: | Discovery of this issue is credited to Nick Gudov <[email protected]>. |
| Vulnerable: |
CactuSoft CactuShop 5.1 CactuSoft CactuShop 5.0 |
| Not Vulnerable: | |
Discussion
CactuSoft CactuShop Cross-Site Scripting Vulnerability
Reportedly CactuShop is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input.
This issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
Reportedly CactuShop is prone to a remote cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input.
This issue could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.
Exploit / POC
CactuSoft CactuShop Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/popuplargeimage.asp?strImageTag=<script>alert(document.cookie)</script>
http://www.example.com/popuplargeimage.asp?strImageTag=<img+src="uploads/images_products_large/113.gif"%20onLoad="alert(document.cookie)">
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/popuplargeimage.asp?strImageTag=<script>alert(document.cookie)</script>
http://www.example.com/popuplargeimage.asp?strImageTag=<img+src="uploads/images_products_large/113.gif"%20onLoad="alert(document.cookie)">
Solution / Fix
CactuSoft CactuShop Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
CactuSoft CactuShop Cross-Site Scripting Vulnerability
References:
References:
- CactuShop (CactuSoft)
- CactuSoft CactuShop 5.x shopping cart software multiple security vulnerabilities (S-Quadra Security Research
)