SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   Aktivate Vendors:   Allen and Keul Web Solutions
Allen Keul's Aktivate E-commerce System Allows Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1003010
SecurityTracker URL:  http://securitytracker.com/id/1003010
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 19 2001
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 1.03; possibly other versions
Description:   SecurityOffice.net reported a vulnerability in the Aktivate e-commerce system. A remote user can conduct cross-site scripting attacks, potentially accessing another user's cookies associated with an Aktivate-enabled web site.

It is reported that Aktivate does not properly filter user-supplied input. A remote user can create HTML in a web page or HTML-based e-mail that includes a malicious link to an Aktivate-enabled web site, where the link contains embedded javascript. When that link is accessed by another user, the javascript code will execute on the other user's browser. The code will appear to originate from the web site running the Aktivate commerce system and will execute in that security domain. As a result, the code may be able to access the user's cookies associated with the Aktivate site and take actions on behalf of that user.

The following type of URLs can be used to trigger the vulnerability:

https://[host]/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<IMG%20height=47%20src="http://www.tamersahin.net/images/title.gif"%20width=406%20border=0>

https://[host]/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=<script>alert(document.domain)</script>

Impact:   A remote user can create malicious code that, when executed by another user, may be able to access the other user's cookies associated with an Aktivate-enabled commerce web site and take actions on behalf of that user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.allen-keul.com/aktivate/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  Aktivate Shopping System Cross Site Scripting Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aktivate Shopping System Cross Site Scripting Vulnerability

Type:
Cross Site Scripting

Release Date:
December 18, 2001

Product / Vendor:
Aktivate is a complete, end-to-end e-commerce solution aimed at Linux
and other Unices. Aktivate is targeted at small to medium sized
businesses or charities who want to accept credit card payments over
the web.

http://www.allen-keul.com/aktivate/

Summary:
Cross Site Scripting, most dynamic websites are still not filtering
user input. This lets remote sites access to write scripts on
vulnerable sites & application, stealing cookies, performing actions
on behalf of user or modifying look of content on site.

https://host/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551
089&desc=<IMG%20height=47%20src="http://www.tamersahin.net/images/titl
e.gif"%20width=406%20border=0>

https://host/aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551
089&desc=<script>alert(document.domain)</script>

Tested:
Aktivate 1.03

Vulnerable:
Aktivate 1.03 (And may be other)

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPB8tqbuLpFMrXtywEQJktwCffYHreLWusnX9YMu9UIDUKON681QAniVK
BzejAgaDcm9KT67ogfMZD75z
=bEZi
-----END PGP SIGNATURE-----





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC