IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
BID:9773
Info
IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
| Bugtraq ID: | 9773 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2004 12:00AM |
| Updated: | Mar 01 2004 12:00AM |
| Credit: | Disclosure of this issue has been credited to David Sopas Ferreira <[email protected]> |
| Vulnerable: |
iGeneric Free Shopping Cart 1.4 |
| Not Vulnerable: | |
Discussion
IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters
Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
It has been reported that iGeneric Free Shopping Cart is prone to a cross-site vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters
Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
Exploit / POC
IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
page.php?page_type=catalog_products&type_id[]=%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
No exploit is required to leverage this issue. The following proof of concept has been provided:
page.php?page_type=catalog_products&type_id[]=%3Cscript%3Ealert(document.domain);%3C/script%3E&SESSION_ID={SESSION_ID}&SESSION_ID=
Solution / Fix
IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
IGeneric Free Shopping Cart Cross-Site Scripting Vulnerability
References:
References:
- iG FREE Shopping Cart v1.4 (SystemSecure.org)
- iG Shop Product Page (iGeneric)