CubeCart Multiple URI Redirection Vulnerabilities

Bugtraq ID:	51966
Class:	Input Validation Error
CVE:	CVE-2012-0865
Remote:	Yes
Local:	No
Published:	Feb 10 2012 12:00AM
Updated:	Feb 22 2012 04:50PM
Credit:	Aung Khant, YGN Ethical Hacker Group, Myanmar.
Vulnerable:	CubeCart CubeCart 3.0.20 CubeCart CubeCart 3.0.17 CubeCart CubeCart 3.0.16 CubeCart CubeCart 3.0.15 CubeCart CubeCart 3.0.14 CubeCart CubeCart 3.0.12 CubeCart CubeCart 3.0.11 CubeCart CubeCart 2.0.7 CubeCart CubeCart 2.0 Brooky CubeCart 2.0.6 Brooky CubeCart 2.0.5 Brooky CubeCart 2.0.4 Brooky CubeCart 2.0.3 Brooky CubeCart 2.0.2 Brooky CubeCart 2.0.1 Brooky CubeCart 2.0 .0
Not Vulnerable:	CubeCart CubeCart 4

CubeCart Multiple URI Redirection Vulnerabilities

CubeCart is prone to a URI-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks; other attacks are possible.

CubeCart 3.0.20 is vulnerable; other versions may also be affected.

CubeCart Multiple URI Redirection Vulnerabilities

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/cube3.0.20/switch.php?r=//yehg.net/&lang=es
http://www.example.com/cube3.0.20/admin/login.php?goto=//yehg.net
http://www.example.com/cube/index.php?act=login&redir=Ly95ZWhnLm5ldC8%3D
http://www.example.com/cube/cart.php?act=reg&redir=L2N1YmUvaW5kZXgucGhwP2FjdD1sb2dpbg%3D%3D

CubeCart Multiple URI Redirection Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

CubeCart Multiple URI Redirection Vulnerabilities

References:

• CubeCart Homepage (CubeCart)
  
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability ([email protected])
  
• CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated] (YGN Ethical Hacker Group)