oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE Request: PHPShop 0.8.1 <

Re: [oss-security] CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability

From: Josh Bressers <bressers_at_nospam>
Date: Mon Feb 28 2011 - 20:40:47 GMT
To: oss-security@lists.openwall.com

Please use CVE-2011-1069.

Thanks.

-- JB ----- Original Message ----- > 1. OVERVIEW > > The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross > Site Scripting. > > > 2. BACKGROUND > > PHPShop is a PHP-powered shopping cart application. It is released > under the GNU General Public License. > The primary purpose of PHPShop is to provide a simple shopping cart > solution that is easy to customize to suit any purpose. PHPShop has > less features that many other shopping cart applications, but is > generally easier to customize. > > > 3. VULNERABILITY DESCRIPTION > > The Query String was not properly sanitized upon submission to the > /index.php url, which allows attacker to conduct Cross Site Scripting > attack. > This may allow an attacker to create a specially crafted URL that > would execute arbitrary script code in a victim's browser. > > > 4. VERSIONS AFFECTED > > PHP 0.8.1 <= > > > 5. PROOF-OF-CONCEPT/EXPLOIT > > http://localhost/phpshop0_8_1/?page=store/XSS&%26%26%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E%3d1 > > > 6. SOLUTION > > The vendor has discontinued this product. > It is recommended that an alternate software package be used in its > place. > > > 7. VENDOR > > PHPShop Development Team > http://phpshop.org > > > 8. CREDIT > > This vulnerability was discovered by Aung Khant, http://yehg.net, YGN > Ethical Hacker Group, Myanmar. > > > 9. DISCLOSURE TIME-LINE > > 2011-02-25: vulnerability disclosed > > > 10. REFERENCES > > Original Advisory URL: > http://yehg.net/lab/pr0js/advisories/[phpshop_0.8.1]_cross_site_scripting > Project Home: http://code.google.com/p/phpshop/, > http://sourceforge.net/projects/phpshop/ > PHPShop Download Stats: > http://sourceforge.net/projects/phpshop/files/phpshop/0.8.1/stats/timeline?dates=2010-01-01+to+2010-01-01 > XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) > CWE-79: http://cwe.mitre.org/data/definitions/79.html > > > #yehg [2011-02-25] > > --------------------------------- > Best regards, > YGN Ethical Hacker Group > Yangon, Myanmar > http://yehg.net > Our Lab | http://yehg.net/lab > Our Directory | http://yehg.net/hwd