SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   Agora.cgi Vendors:   [Multiple Authors/Vendors]
Agora.cgi Commerce Package Input Filtering Flaw Allows Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1003004
SecurityTracker URL:  http://securitytracker.com/id/1003004
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 18 2001
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network

Version(s): v3.3e; possibly other versions
Description:   A cross-site scripting vulnerability was reported in the Agori.cgi commerce system.

A remote user can write a web page or HTML-based e-mail message containing a link to a vulnerable site running Agora.cgi. If the link contains embedded javascript and is accessed by the target user (i.e., the victim), the javascript will execute in the security domain of the Agora.cgi site and may be able to access the target user's cookies associated with that site. The code could also take actions involving the web site on behalf of the target user.

The following type of URLs can reportedly be used to demonstrate the flaw:

http://[targethost]/store/agora.cgi?cart_id=<IMG%20height=47%20src="http://www.securityoffice.net/images/title.gif"%20width=406%20border=0>&xm=on&product=HTML

http://[targethost]/store/agora.cgi?cart_id=<script>alert(document.cookie)</script>&xm=on&product=HTML

Impact:   A remote user can conduct cross-site scripting attacks using a site running Agora.cgi. A remote user can create javascript that, when executed on another user's browser, may be able to access that user's cookies and other information associated with the site running Agora.cgi.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.agoracgi.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Patch) Re: Agora.cgi Commerce Package Input Filtering Flaw Allows Cross-Site Scripting Attacks
The vendor has released a patch.
(Vendor Provides Clarification Regarding Original Report) Re: Agora.cgi Commerce Package Input Filtering Flaw Allows Cross-Site Scripting Attacks
The vendor has provided some clarification as to what exactly was vulnerable and in which versions this occurred.



 Source Message Contents

Subject:  Agoracgi v3.3e Cross Site Scripting Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Agoracgi v3.3e Cross Site Scripting Vulnerability

Type:
Cross Site Scripting

Release Date:
December 18, 2001

Product / Vendor:
Agora.cgi is an open source ecommerce solution. Steve Kneizys is the
principle author of this project. The project grew from a couple of
other open source projects. 

http://www.agoracgi.com

Summary:
Cross Site Scripting, most dynamic websites are still not filtering
user input.  This lets remote sites access towrite scripts on
vulnerable sites & application, stealing cookies, performing actions
on behalf of user or modifying look of content on site.

http://www.agoracgi.com/store/agora.cgi?cart_id=<IMG%20height=47%20src
="http://www.securityoffice.net/images/title.gif"%20width=406%20border
=0>&xm=on&product=HTML

http://www.agoracgi.com/store/agora.cgi?cart_id=<script>alert(document
.cookie)</script>&xm=on&product=HTML

Tested:
Agoracgi v3.3e

Vulnerable:
Agoracgi v3.3e (And may be other)

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPB5V+buLpFMrXtywEQInVgCfSWnIa3wUDvwSoDwU7wYkhUG85MgAoI85
L9mB+t3g5i0Ea+Rn8o31y4Fx
=RdM5
-----END PGP SIGNATURE-----





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC