[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: PHPShop 0.8.1 <= | Cross Site
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-02-28 20:40:47
Message-ID: 127847674.298986.1298925647709.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2011-1069.
Thanks.
--
JB
----- Original Message -----
> 1. OVERVIEW
>
> The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross
> Site Scripting.
>
>
> 2. BACKGROUND
>
> PHPShop is a PHP-powered shopping cart application. It is released
> under the GNU General Public License.
> The primary purpose of PHPShop is to provide a simple shopping cart
> solution that is easy to customize to suit any purpose. PHPShop has
> less features that many other shopping cart applications, but is
> generally easier to customize.
>
>
> 3. VULNERABILITY DESCRIPTION
>
> The Query String was not properly sanitized upon submission to the
> /index.php url, which allows attacker to conduct Cross Site Scripting
> attack.
> This may allow an attacker to create a specially crafted URL that
> would execute arbitrary script code in a victim's browser.
>
>
> 4. VERSIONS AFFECTED
>
> PHP 0.8.1 <=
>
>
> 5. PROOF-OF-CONCEPT/EXPLOIT
>
> http://localhost/phpshop0_8_1/?page=store/XSS&%26%26%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E%3d1
>
>
> 6. SOLUTION
>
> The vendor has discontinued this product.
> It is recommended that an alternate software package be used in its
> place.
>
>
> 7. VENDOR
>
> PHPShop Development Team
> http://phpshop.org
>
>
> 8. CREDIT
>
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
>
>
> 9. DISCLOSURE TIME-LINE
>
> 2011-02-25: vulnerability disclosed
>
>
> 10. REFERENCES
>
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[phpshop_0.8.1]_cross_site_scripting
> Project Home: http://code.google.com/p/phpshop/,
> http://sourceforge.net/projects/phpshop/
> PHPShop Download Stats:
> http://sourceforge.net/projects/phpshop/files/phpshop/0.8.1/stats/timeline?dates=2010-01-01+to+2010-01-01
> XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
> CWE-79: http://cwe.mitre.org/data/definitions/79.html
>
>
> #yehg [2011-02-25]
>
> ---------------------------------
> Best regards,
> YGN Ethical Hacker Group
> Yangon, Myanmar
> http://yehg.net
> Our Lab | http://yehg.net/lab
> Our Directory | http://yehg.net/hwd
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic