Latest YouTube Video

Saturday, November 14, 2015

[FD] XCart 5.2.6: XSS

Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: http://ift.tt/1j0phqZ Vendor Contact: support@x-cart.com Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/2015 Release mode: Coordinated release CVE: n/a Credits Tim Coen of Curesec GmbH 2. Vulnerability Description There are multiple XSS vulnerabilities in the dialog.php file. This allows an attacker to execute arbitrary JavaScript in the context of the browser of a victim if the victim clicks on an attacker supplied link or visits an attacker controlled website. With this, it is possible to bypass CSRF protection and thus do anything the victim can do, inject a JavaScript keylogger, or perform phishing attacks. 3. Proof of Concept http://localhost/anew/xcart/skins/admin/en/modules/CDev/TinyMCE/js/tinymce/plugins/filemanager/dialog.php?editor=">&lang=">&field_id=">&fldr=">&type=">4. Solution To mitigate this issue please upgrade at least to version 5.2.7: http://ift.tt/1j0phqZ Please note that a newer version might already be available. 5. Report Timeline 08/13/2015 Informed Vendor about Issue 09/03/2015 Vendor Requests more time 10/19/2015 Vendor releases fix 11/04/2015 Disclosed to public Blog Reference: http://ift.tt/1MdaBiT

Source: Gmail -> IFTTT-> Blogger

No comments: