Full Disclosure

Armorize Technologies Security Advisory

Advisory No: Armorize-ADV-2006-0003
Status: Full
Date: 2006/9/27

Summary:
Armorize-ADV-2006-0003 discloses multiple cross-site scripting vulnerabilities found in Zen Cart, a PHP e-commerce shopping program built on a foundation of osCommerce GPL code. It provides an easy-to-set-up and easy-to-run online store.

Affected Software:
Zen Cart 1.3.5
Zen Cart 1.3.2

Vulnerability Description:
Cross-Site Scripting

Analysis/Impact:
Privacy leakage from the client side may lead to session hijacking, identity theft and information theft.

Detection/Exploit(full):
http://www.example.com/[PATH]/login.php
POST variables admin_name and admin_pass are vulnerable.

http://www.example.com/[PATH]/password_forgotten.php
POST variable admin_email is vulnerable.

Protection/Solution:
1. Escape every questionable URI and HTML script.
2. Remove prohibited user input.

Disclosure Timeline:
2006/09/27 Published partial advisory; notified vendor
2006/09/29 Received request from Ian Wilson of Zen Cart for more details
2006/10/02 Zen Cart released official patch for this vulnerability
2006/10/04 Published full advisory
2006/10/14 Full disclosure at SecurityFocus mailing list

Credit:
Security Team at Armorize Technologies, Inc. (security@armorize.com)

Additional Information:
Link to this Armorize advisory
http://www.armorize.com/advisory.php?Keyword=Armorize-ADV-2006-0003

Links to all Armorize advisories
http://www.armorize.com/advisory/

Links to Armorize vulnerability database
http://www.armorize.com/resources/vulnerability.php

Armorize Technologies is delivering the world's most advanced source code analysis solution for Web application security based on its award-winning and patent-pending verification technologies.
Addressing security early in the software development life cycle (SDLC), Armorize CodeSecure(TM) proactively identifies and traces vulnerabilities in Web application source code, effectively hardening websites against today's ever-growing security threats. CodeSecure(TM)'s zero-false-positive accuracy, traceback support and Web 2.0-based interface make it the premium Web application security solution. For more information please visit: http://www.armorize.com.
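The following PHP is an added illustration of the defect class and of the two remediations listed under Protection/Solution; it is not Zen Cart's code and not part of the advisory. The function names, the form markup and the sample POST value are hypothetical stand-ins for the admin login and password-forgotten handlers named above: a POST field is written back into the form unescaped, the hardened version encodes it with htmlspecialchars(), and the e-mail field is validated rather than cleaned.

```php
<?php
// Added example (not Zen Cart's code): a POST field reflected into the login
// form without escaping, beside the fixed form and an input-rejection check.

// Vulnerable stand-in for the login form: the submitted value is echoed
// straight into an attribute, so quote characters and tags reach the browser
// as markup instead of as text.
function render_login_form_vulnerable(array $post): string
{
    $name = $post['admin_name'] ?? '';
    return '<input type="text" name="admin_name" value="' . $name . '">';
}

// Remediation 1 (escape output): htmlspecialchars() with ENT_QUOTES turns
// <, >, &, " and ' into entities, so whatever was submitted is rendered as
// literal text inside the attribute value.
function render_login_form_fixed(array $post): string
{
    $name = htmlspecialchars($post['admin_name'] ?? '', ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="admin_name" value="' . $name . '">';
}

// Remediation 2 (remove prohibited input): an admin e-mail address must
// validate as an e-mail address; anything else is dropped before it is used
// or displayed, rather than being "cleaned" and passed on.
function accept_admin_email(string $candidate): ?string
{
    $email = filter_var($candidate, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample input containing a quote and a tag, as a stand-in for
// an untrusted POST body.
$sample = ['admin_name' => '"><b>not a name</b>'];

echo "Vulnerable: " . render_login_form_vulnerable($sample) . PHP_EOL;
echo "Fixed:      " . render_login_form_fixed($sample) . PHP_EOL;

// The validating check keeps a well-formed address and rejects one that
// carries markup characters.
var_dump(accept_admin_email('admin@example.com'));
var_dump(accept_admin_email('<x>@example.com'));
```

Run it with the PHP CLI and compare the two `<input>` lines: in the vulnerable one the closing quote and the tag become part of the page structure, in the fixed one they appear only as entities inside the attribute value. Escaping is applied at the point of output, with the encoding stated explicitly, so the same stored value stays safe wherever it is later rendered.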