DragDropCart 多个跨站脚本攻击漏洞

漏洞ID	1118149	漏洞类型	跨站脚本
发布时间	2009-07-20	更新时间	2009-07-20
CVE编号	CVE-2009-2587	CNNVD-ID	CNNVD-200907-357
漏洞平台	PHP	CVSS评分	4.3

|漏洞来源

https://www.exploit-db.com/exploits/34735
https://www.securityfocus.com/bid/43478
https://cxsecurity.com/issue/WLB-2009070184
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200907-357

|漏洞详情

DragDropCart中存在多个跨站脚本攻击漏洞。远程攻击者能借助(1)assets/js/ddcart.php中的sid参数，(2)includes/ajax/getstate.php中prefix参数，(3)index.php的search参数以及(4)search.php的search参数注入任意的WEB脚本和HTML.

|漏洞EXP

source: http://www.securityfocus.com/bid/43478/info
     
DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
     
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
     
http://www.example.com/demo/productdetail.php?product=1>"><ScRiPt %0A%0D>alert(387540356725)%3B</ScRiPt>

|受影响的产品

DragDropCart DragDropCart 0

|参考资料

来源:XF
名称:dragdropcart-multiple-xss(51877)
链接:http://xforce.iss.net/xforce/xfdb/51877
来源:OSVDB
名称:56071
链接:http://www.osvdb.org/56071
来源:OSVDB
名称:56070
链接:http://www.osvdb.org/56070
来源:OSVDB
名称:56069
链接:http://www.osvdb.org/56069
来源:OSVDB
名称:56067
链接:http://www.osvdb.org/56067
来源:OSVDB
名称:56066
链接:http://www.osvdb.org/56066
来源:OSVDB
名称:56065
链接:http://www.osvdb.org/56065
来源:SECUNIA
名称:35925
链接:http://secunia.com/advisories/35925
来源:MISC
链接:http://packetstormsecurity.org/0907-exploits/dragdopcart-xss.txt