MyMarket Shopping Cart Input Validation Error Lets Remote Users Conduct Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1005474 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 24 2002
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Exploit Included: Yes
|
Version(s): 1.71
|
Description: An input validation vulnerability was reported in MyMarket, a PHP-based shopping cart. A remote user can conduct cross-site scripting attack to potentially gain access to user accounts on the cart system.
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed
by the target user's browser. The code will originate from the site running MyMarket and will run in the security context of that
site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated
with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as
the target user.
A demonstration exploit URL is provided (with "i" replaced with "*"):
http://[traget]/templates/form_header.php?noticemsg=<Scr*ipt>javascript:alert
(document.cookie)</Scr*ipt>
The vendor has reportedly been notified.
|
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running MyMarket,
access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
|
Solution: No solution was available at the time of this entry.
The author of the report suggests the following as a solution:
"put this
two lines at the begin of form_header.php"
---- form_header.php -----
<?
$noticemsg = HTMLSpecialChars($noticemsg);
$errormsg = HTMLSpecialChars($errormsg);
...
--------------------------
|
Vendor URL: mymarket.sourceforge.net/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Reported By: "qber66" <qber66@pandora.be>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 11 Sep 2002 20:17:15 +0200
From: "qber66" <qber66@pandora.be>
Subject: XSS bug in MyMarket 1.71
|
+----------------------+
| XSS in MyMarket 1.71 |
+----------------------+
Product Description
===================
MyMarket is a fully functional online shopping catalog system, built using
PHP and MySQL. It was created by Ying Zhang for the purpose of teaching
people about the basics of creating an E-Commerce site. It can be found at
http://mymarket.sourceforge.net/
Vulnerable systems
==================
MyMarket 1.71
Exploit
=======
http://[traget]/templates/form_header.php?noticemsg=<Scr*ipt>javascript:aler
t(document.cookie)</Scr*ipt>
(without "*")
Solution
========
put this two lines at the begin of form_header.php
---- form_header.php -----
<?
$noticemsg = HTMLSpecialChars($noticemsg);
$errormsg = HTMLSpecialChars($errormsg);
...
--------------------------
Vendor response
===============
I submitted this a week ago, the vendor didn't response yet.
------------------------------
Tim Vandermeersch
qber66@pandora.be
http://users.pandora.be/tim/
|
|
