SecurityTracker.com
Category:   Application (Commerce)  >   Actinic Catalog
Vendors:   Actinic
Actinic Catalog E-commerce Software Allows Cross-Site Scripting Attacks, Letting Remote Users Steal User Cookies
SecurityTracker Alert ID:  1003502
SecurityTracker URL:  http://securitytracker.com/id/1003502
CVE Reference:   CVE-2002-1732
Updated:  May 20 2008
Original Entry Date:  Feb 10 2002
Impact:   Disclosure of authentication information, Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 4.7.0, prior versions
Description:   A vulnerability was reported in Actinic Catalog, an e-commerce shopping application. A remote user can conduct a cross-site scripting attack to steal user cookies.

It is reported that a remote user can create HTML that, when loaded by a target (victim) user, will cause arbitrary scripting to be executed. The code will appear to originate from the specified site running Actinic Catalog and will execute within that site's security domain. The code will be able to access the target user's cookies associated with the site running the e-commerce software.

The following type of URL can be used, where "[filename]" is one of many files available on the system (see the Source Message for a list of those files):

[filename].pl?<script>alert('CSS')</script>

Some additional URLs can be used to trigger the flaw (see the Source Message for those URLs).

The author of the report has provided additional details (in French) at:

http://www.bal-team.t2u.com/Tuts/actinic.txt
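
Added example (not part of the advisory or of Actinic's code): since no fix is listed, a site operator can at least check access logs for requests that match the URL shapes described above. It assumes Common Log Format logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Script names listed in the advisory: bb/ca/os/sh/ss + "000" + three digits, or referrer.pl.
SCRIPT_RE = re.compile(r"/(?:(?:bb|ca|os|sh|ss)000\d{3}|referrer)\.pl$", re.I)
# Tag openers and attribute breakouts ("> or '>), the two shapes shown in the advisory.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|[\"']\s*>", re.I)
# Request field of a Common Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_request(target):
    """True when an Actinic-style script is requested with markup in its query string."""
    parts = urlsplit(target)
    if not SCRIPT_RE.search(parts.path):
        return False
    return bool(MARKUP_RE.search(decode_fully(parts.query)))

def scan(log_lines):
    """Return the request targets in log_lines that look like reflected-XSS attempts."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and suspicious_request(match.group(1)):
            hits.append(match.group(1))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2002:09:00:01 +0000] "GET /cgi-bin/ca000001.pl?ACTION=SHOWCART&PATH=acatalog%2f HTTP/1.0" 200 4120',
    '203.0.113.5 - - [10/Feb/2002:09:00:07 +0000] "GET /cgi-bin/bb000001.pl?%3Cscript%3Ealert(%27CSS%27)%3C/script%3E HTTP/1.0" 200 980',
    '203.0.113.5 - - [10/Feb/2002:09:00:09 +0000] "GET /cgi-bin/ca000007.pl?ACTION=SHOWCART&REFPAGE=%22%3E%3Cb%3E HTTP/1.0" 200 1012',
    '203.0.113.5 - - [10/Feb/2002:09:00:12 +0000] "GET /cgi-bin/ss000007.pl?PRODREF=%253Cscript%253E HTTP/1.0" 200 1101',
    '192.0.2.44 - - [10/Feb/2002:09:01:30 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("suspicious:", target)
```

The last sample line carries markup but targets a script outside the advisory's file list, so it is not reported; the fourth is caught only because the query is decoded more than once.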

Impact:   A user can conduct a cross-site scripting attack to execute code on another user's browser and steal that other user's cookies associated with the site running the e-commerce software.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.actinic.com/products/catalog.html
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (NT)
Underlying OS Comments:  Perl-based

Message History:   None.


 Source Message Contents

Subject:  Holes in Actinic E-commerce services.


http://www.actinic.com
http://www.actinic.co.uk/
http://www.actinic-europe.com/
Versions :
4.7.0 & -


With the files :
bb|000|001|.pl
ca|   |002|
os|   |003|
sh|   |004|
ss|   |005|
  |   |006|
  |   |007|
  |   |009|
  |   |010|
  |   |011|
  |   |012|
  |   |020|
  |   |036|
  |   |045|
  |   |046|
  |   |137|
  |   |143|
  |   |410|
referrer.pl

**000***.pl?<script>alert('CSS')</script>


and :

/ca000007.pl?ACTION=SHOWCART&REFPAGE=">[ ANYSCRIPT ]
/ss000007.pl?PRODREF=<--SCRIPT-->
/ca000001.pl?ACTION=SHOWCART&hop="><script>alert('HoP!')</script>&PATH=acatalog%2f
http://www.host.com/ss000007.pl?REFPAGE=http%3A%2F%2Fwere.to.go&PREVQUERY=ACTION%3DSHOWCART&SS=yiiiihaaaaa&PR=-1&TB=A&SHOP=


More details in French:
http://www.bal-team.t2u.com/Tuts/actinic.txt

frog-m@n




Copyright 2021, SecurityGlobal.net LLC