'Re: [oss-security] CVE Request: PHPShop 0.8.1 <=

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: PHPShop 0.8.1 <= | Cross Site
From:       Josh Bressers <bressers () redhat ! com>
Date:       2011-02-28 20:40:47
Message-ID: 127847674.298986.1298925647709.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2011-1069.

Thanks.

-- 
    JB


----- Original Message -----
> 1. OVERVIEW
> 
> The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross
> Site Scripting.
> 
> 
> 2. BACKGROUND
> 
> PHPShop is a PHP-powered shopping cart application. It is released
> under the GNU General Public License.
> The primary purpose of PHPShop is to provide a simple shopping cart
> solution that is easy to customize to suit any purpose. PHPShop has
> less features that many other shopping cart applications, but is
> generally easier to customize.
> 
> 
> 3. VULNERABILITY DESCRIPTION
> 
> The Query String was not properly sanitized upon submission to the
> /index.php url, which allows attacker to conduct Cross Site Scripting
> attack.
> This may allow an attacker to create a specially crafted URL that
> would execute arbitrary script code in a victim's browser.
> 
> 
> 4. VERSIONS AFFECTED
> 
> PHP 0.8.1 <=
> 
> 
> 5. PROOF-OF-CONCEPT/EXPLOIT
> 
> http://localhost/phpshop0_8_1/?page=store/XSS&%26%26%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E%3d1
> 
> 
> 6. SOLUTION
> 
> The vendor has discontinued this product.
> It is recommended that an alternate software package be used in its
> place.
> 
> 
> 7. VENDOR
> 
> PHPShop Development Team
> http://phpshop.org
> 
> 
> 8. CREDIT
> 
> This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
> Ethical Hacker Group, Myanmar.
> 
> 
> 9. DISCLOSURE TIME-LINE
> 
> 2011-02-25: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/[phpshop_0.8.1]_cross_site_scripting
> Project Home: http://code.google.com/p/phpshop/,
> http://sourceforge.net/projects/phpshop/
> PHPShop Download Stats:
> http://sourceforge.net/projects/phpshop/files/phpshop/0.8.1/stats/timeline?dates=2010-01-01+to+2010-01-01
> XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
> CWE-79: http://cwe.mitre.org/data/definitions/79.html
> 
> 
> #yehg [2011-02-25]
> 
> ---------------------------------
> Best regards,
> YGN Ethical Hacker Group
> Yangon, Myanmar
> http://yehg.net
> Our Lab | http://yehg.net/lab
> Our Directory | http://yehg.net/hwd
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic