eDatCat XSS vuln.
Vuln. discovered by: r0t
Date: 15 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/edatcat-xss-vuln.html
Vendor: http://www.edatcat.com/
Affected version: v3.0 and prior
Product Description:
eDatCat is a fully customizable database and shopping cart system.
Features include: real-time UPS shipping, browser-based
administration, retail & wholesale pricing, customer accounts, order
tracking, powerful inventory controls, wish list, discount support,
support for AuthorizeNet/CyberCash/VeriSign and others, completely
customizable appearance, and more. eDatCat allows you to design your
shopping cart around your site, not your site around your shopping
cart. Create a fully tailored, seamless, and powerful e-commerce
environment with eDatCat. A fully-functional 10-day trial available
for download.
Vuln. Description:
eDatCat contains a flaw that allows a remote cross site scripting
attack. This flaw exists because input passed to the "user_action"
parameter of "EDCstore.pl" isn't properly sanitised before being
returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.
example:
/EDCstore.pl?user_action=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E
Solution:
Edit the source code to ensure that input is properly sanitised.
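The fix the advisory calls for, as an added example that is not part of the advisory or of eDatCat's own code: the flawed pattern is a query parameter echoed into a double-quoted HTML attribute unchanged, and the remedy is to HTML-encode the value on output. The example is written in Python rather than the Perl the product uses; the form fragment it renders is a constructed stand-in for whatever EDCstore.pl actually emits, and the sample request reuses the advisory's own query string.

```python
"""Reflecting a query parameter with and without output encoding.

Added example (not eDatCat code): models the class of flaw described in
the advisory, where a parameter value is echoed into an HTML attribute
without escaping, and shows the fix of HTML-encoding it on output.
"""
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed sample request, built from the advisory's own query string.
SAMPLE_URL = "/EDCstore.pl?user_action=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E"

# Hypothetical form fragment standing in for the page EDCstore.pl emits;
# the parameter value lands inside a double-quoted attribute.
FORM_TEMPLATE = '<input type="hidden" name="user_action" value="{value}">'


def user_action_from(url: str) -> str:
    """Return the percent-decoded user_action value from a request URL ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("user_action", [""])[0]


def render_unsafe(value: str) -> str:
    """The flawed pattern: the raw value is interpolated into the markup."""
    return FORM_TEMPLATE.format(value=value)


def render_safe(value: str) -> str:
    """The fix: encode &, <, >, " and ' before the value reaches the page."""
    return FORM_TEMPLATE.format(value=escape(value, quote=True))


def breaks_out_of_attribute(markup: str) -> bool:
    """True if the rendered markup contains more than the single intended tag,
    i.e. the value closed the attribute and started new markup."""
    return markup.count("<") > 1 or "<script" in markup.lower()


if __name__ == "__main__":
    value = user_action_from(SAMPLE_URL)
    print("decoded parameter :", value)
    print("unsafe rendering  :", render_unsafe(value))
    print("safe rendering    :", render_safe(value))
    print("unsafe breaks out :", breaks_out_of_attribute(render_unsafe(value)))
    print("safe breaks out   :", breaks_out_of_attribute(render_safe(value)))
```

Encoding at the point of output is the right place for this fix: the decoded value can still be stored or compared as the application needs, but once it is written into an attribute the quote and angle brackets arrive as entities and the browser treats them as text. Escaping must match the context the value is written into; this example covers a double-quoted HTML attribute, and a value placed inside a script block or a URL would need its own encoding.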