SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   Remote Cart Vendors:   Remote Cart, LLC
Remote Cart Input Validation Bugs Permit Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1013903
SecurityTracker URL:  http://securitytracker.com/id/1013903
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 6 2005
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  

Description:   ComSec from governmentsecurity.org reported a vulnerability in Remote Cart. A remote user can conduct cross-site scripting attacks.

The 'shop.cgi' script does not properly validate user-supplied input in the 'merchant' parameter. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Remote Cart software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit example is provided:

http://[target]/cart/shop.cgi?merchant=%3cscript%3ealert(document.cookie)%3c/script%3e

The 'demo' parameter is also affeted.

The vendor has been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Remote Cart software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.remotecart.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Remote Cart.. javascript XSS leads to cookie , domain and parameter



Product: Remote Cart 

vendor URL : http://www.remotecart.com
 

Product Details:

Now a web site anywhere can have a fully secure shopping cart!
Remote Cart offers any web site on the Internet the ability to conduct
secure e-commerce without any programming skills. All the software is
located on our servers so all you have to do is add a few lines of HTML
to your existing web site and your site now has a complete, secure,
on-line shopping cart. 

Here are just a few of the features of Remote Cart:

Fully secure shopping cart program 
Full featured affiliate program 
Point a vanity or virtual domain to our website and your customers will
never know you outsourced your shopping cart service. 
All shopping cart pages editable on-line. 
Unlimited technical support. 


[quote]Uses both cookies and IP address to track customers. This way you
will never loose an order if a customer has cookies turned off or uses a
proxy server such as AOL. (Both cookies and IP tracking work
independently to ensure your store is compatible with any browser) 
[/quote]

XSS PROBLEMS :

There are several Javascript XSS issues that could involve cookie theft
or disclosure of information , the fact that it stores cookie details of
the user can be open to any person who has access to the online shop ,
an input will also disclose domain name , plus a couple of bugs in the
url parameter path entrys cause a script error messages

Examples:

Cookie :-

http://www.remotecart.com/cart/shop.cgi?merchant=%3cscript%3ealert(document.cookie)%3c/script%3e 

domain:-

http://www.remotecart.com/cart/shop.cgi?merchant=%3cscript%3ealert(document.%20domain)%3c/script%3e

url inputs :

merchant=

http://www.remotecart.com/cart/shop.cgi?merchant=%3cscript%3ealert(%22alert%20Possible%20xss%20target%20%22)%3c/script%3e

demo=

http://www.remotecart.com/cart/shop.cgi?merchant=demo=%3cscript%3ealert(%22alert%20Possible%20xss%20target%20%22)%3c/script%3e


vendor informed : yes


regards 

ComSec
-- 
ComSec

http://www.governmentsecurity.org/forum

http://www.how-to-hack.org
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC