SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Commerce)  >  Remote Cart Vendors:  Remote Cart, LLC
Remote Cart Input Validation Bugs Permit Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1013903
SecurityTracker URL:  http://securitytracker.com/id?1013903
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 6 2005
Impact:  Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Description:  ComSec from governmentsecurity.org reported a vulnerability in Remote Cart. A remote user can conduct cross-site scripting attacks.

The 'shop.cgi' script does not properly validate user-supplied input in the 'merchant' parameter. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Remote Cart software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit example is provided:

http://[target]/cart/shop.cgi?merchant=%3cscript%3ealert(document.cookie)%3c/script%3e

The 'demo' parameter is also affeted.

The vendor has been notified.
Impact:  A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Remote Cart software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.remotecart.com/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  "ComSec" <deadlink@elitemail.org>
Message History:   None.

 Source Message Contents
Date:  Thu, 05 May 2005 18:13:44 -0700
From:  "ComSec" <deadlink@elitemail.org>
Subject:  Remote Cart.. javascript XSS leads to cookie , domain and parameter

 
 
 
Product: Remote Cart 
 
vendor URL : http://www.remotecart.com
 
 
Product Details:
 
Now a web site anywhere can have a fully secure shopping cart!
Remote Cart offers any web site on the Internet the ability to conduct
secure e-commerce without any programming skills. All the software is
located on our servers so all you have to do is add a few lines of HTML
to your existing web site and your site now has a complete, secure,
on-line shopping cart. 
 
Here are just a few of the features of Remote Cart:
 
Fully secure shopping cart program 
Full featured affiliate program 
Point a vanity or virtual domain to our website and your customers will
never know you outsourced your shopping cart service. 
All shopping cart pages editable on-line. 
Unlimited technical support. 
 
 
[quote]Uses both cookies and IP address to track customers. This way you
will never loose an order if a customer has cookies turned off or uses a
proxy server such as AOL. (Both cookies and IP tracking work
independently to ensure your store is compatible with any browser) 
[/quote]
 
XSS PROBLEMS :
 
There are several Javascript XSS issues that could involve cookie theft
or disclosure of information , the fact that it stores cookie details of
the user can be open to any person who has access to the online shop ,
an input will also disclose domain name , plus a couple of bugs in the
url parameter path entrys cause a script error messages
 
Examples:
 
Cookie :-
 
http://www.remotecart.com/cart/shop.cgi?merchant=%3cscript%3ealert(document.cookie)%3c/script%3e 
 
domain:-
 
http://www.remotecart.com/cart/shop.cgi?merchant=%3cscript%3ealert(document.%20domain)%3c/script%3e
 
url inputs :
 
merchant=
 
http://www.remotecart.com/cart/shop.cgi?merchant=%3cscript%3ealert(%22alert%20Possible%20xss%20target
%20%22)%3c/script%3e
 
demo=
 
http://www.remotecart.com/cart/shop.cgi?merchant=demo=%3cscript%3ealert(%22alert%20Possible%20xss%20t
arget%20%22)%3c/script%3e
 
 
vendor informed : yes
 
 
regards 
 
ComSec
-- 
ComSec
 
http://www.governmentsecurity.org/forum
 
http://www.how-to-hack.org


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC