Security Advisory: [UNIX] FreznoShop Cross Site Scripting Vulnerability (search.php)

[EN] securityvulns.ru
no-pyccku

Related information
  CGI bugs
  [Full-Disclosure] [SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution
  Multiple Vulnerabilities in Phorum 3.4.5
  Vuln in PHPGEDVIEW 2.61 Multi-Problem
  [Full-Disclosure] [SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection

From: SECURITEAM <support_(at)_securiteam.com>
Date: 09.01.2004
Subject: [UNIX] FreznoShop Cross Site Scripting Vulnerability (search.php)

The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

FreznoShop Cross Site Scripting Vulnerability (search.php)
------------------------------------------------------------------------

SUMMARY

<https://sourceforge.net/projects/freznoshop/> FreznoShop is "a shopping
cart system which offers all basic functions and is fast and versatile".
This PHP/MySQL e-commerce system, suffers from a Cross Site Scripting
vulnerability. The problem is in the variable "search" in the search.php
file. This can be exploited by including arbitrary HTML or even JavaScript
code in the parameter "search", which will be executed in user's browser
session when viewed.

DETAILS

Vulnerable systems:
* FreznoShop version 1.3.0 RC1 and prior

Immune systems:
* FreznoShop version 1.3.0 RC2

Example:
By submitting the following URL it is possible to test your system for the
mentioned vulnerability:
http://vulnerable/shop/search.php?search=%3Cscript%3Ealert(document.
domain);%3C/script%3E

Vendor status:
This was reported to the coder, who, release a patched version (1.3.0 RC2)
that can be downloaded at <http://www.freznoshop.com>
http://www.freznoshop.com.

ADDITIONAL INFORMATION

The information has been provided by <mailto:iamroot@systemsecure.org>
David S. Ferreira.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages.