Hi, These vulnerabilities are similar, as both of them are issues with the query parameter of the search. However, the issue in version 1.1.2.1 exploits this line:
This issue was fixed in version 1.2 by passing the query parameter to htmlspecialchars before passing it to sprintf. The issue in version 1.3.2 is that the query parameter is also echoed unencoded inside the title tag, which is why the POC contains . Best Curesec Research Team Am 11/18/2015 um 6:50 PM schrieb Henri Salo: > On Fri, Nov 13, 2015 at 05:07:01PM +0100, Curesec Research Team (CRT) wrote: >> 2. XSS 1 >> http://localhost/ecommerce/litecart-1.3.2/public_html/en/search?query=">>> 5. Solution >> To mitigate this issue please upgrade at least to version 1.3.3: > > This seems to be the same vulnerability as CVE-2014-7183[1] found by > Netsparker[2]. CVE-2014-7183 was fixed in version 1.2 according to the > changelog. > > 1: http://ift.tt/1I2eZx2 > 2: http://ift.tt/1vXPYkU > >
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment