SecurityTracker.com
Category:   Application (Commerce)  >   CFWebstore
Vendors:   Dogpatch Software
CFWebstore Input Validation Bugs Let Remote Users Inject SQL Commands and Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1009403
SecurityTracker URL:  http://securitytracker.com/id/1009403
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 12 2004
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0
Description:   Some vulnerabilities were reported in CFWebstore. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.

S-Quadra reported that the 'index.cfm' script does not properly filter user-supplied input in the 'category_id', 'product_id', and 'feature_id' parameters. A remote user can supply a specially crafted URL to execute SQL queries on the target system, the report said. A remote user can reportedly invoke the xp_cmdshell() function to execute arbitrary operating system commands on the target system.
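For sites that ran version 5.0, web server logs can be reviewed for requests that hit the affected parameters with non-integer values. The following is an added example, not code from S-Quadra, SecurityTracker, or the vendor; it assumes an NCSA/Apache-style access log, that the three IDs are meant to be plain integers, and the sample log lines (including the `fuseaction` values) are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as unfiltered in index.cfm.
ID_PARAMS = {"category_id", "product_id", "feature_id"}
# Assumed log layout: NCSA/Apache-style request field "METHOD URI PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate IDs are short, unsigned integers.
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_params(uri):
    """Return sorted (name, decoded value) pairs whose value is not a plain integer."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/index.cfm"):
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded quotes and spaces are compared decoded.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # ColdFusion URL variable names are case-insensitive, so normalise them.
        if name.lower() in ID_PARAMS and not INTEGER_RE.fullmatch(value):
            hits.append((name.lower(), value))
    return sorted(hits)


def scan(lines):
    """Yield (line number, hits) for each log line carrying a non-integer ID."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2004:10:00:01 +0000] "GET /store/index.cfm?fuseaction=category.display&category_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Mar/2004:10:00:07 +0000] "GET /store/index.cfm?fuseaction=product.display&product_id=7%20OR%201%3D1 HTTP/1.1" 200 4876',
    '192.0.2.44 - - [12/Mar/2004:10:00:09 +0000] "GET /store/index.cfm?fuseaction=feature.display&Feature_ID=3%27 HTTP/1.1" 500 912',
    '192.0.2.10 - - [12/Mar/2004:10:00:12 +0000] "GET /store/about.cfm?product_id=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

The same integer-only rule is what a server-side check on these parameters should enforce; a hit in the logs is a lead for investigation, not proof of compromise.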

It is also reported that a remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the CFWebstore software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The vendor was reportedly notified on March 4, 2004.

Impact:   A remote user can inject SQL commands to execute arbitrary operating system commands on the target system.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the CFWebstore software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   The vendor has released a fixed version (5.0.1). Contact the vendor for an update:

http://www.cfwebstore.com/

Vendor URL:  www.cfwebstore.com/whatsnewdetail.cfm?WhatsNew__WhatsNewID=43
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] Dogpatch Software CFWebstore 5.0 shopping cart software multiple


        S-Quadra Advisory #2004-03-12

Topic: Dogpatch Software CFWebstore 5.0 shopping cart software multiple security vulnerabilities
Severity: High
Vendor URL: http://www.cfwebstore.com
Advisory URL: http://www.s-quadra.com/advisories/Adv-20040312.txt
Release date: 12 Mar 2004

 1. DESCRIPTION

solution written in Cold Fusion. Customize the templates or utilize the built-in store settings to create your own custom store. CFWebstore can handle just about anything you want to accomplish in putting your business on the web!" - www.cfwebstore.com site says. Please visit www.cfwebstore.com site for more information about this software.

 2. DETAILS

 -- Vulnerability 1: SQL Injection vulnerability

 An SQL Injection vulnerability has been found in the index.cfm script. User-supplied input parameters named 'category_id', 'product_id' and 'feature_id' are not filtered before being used in a SQL query. Consequently, query modification using malformed input is possible.

 Successful exploitation of this vulnerability can enable an attacker to execute commands in the system (via MS SQL xp_cmdshell function).

 -- Vulnerability 2: Cross Site Scripting vulnerability in 'index.cfm'

 By injecting specially crafted javascript code in URL and tricking a user to visit it a remote attacker can steal user session id and gain access to user's personal data.

 3. FIX INFORMATION

 S-Quadra alerted CFWebstore development team on these issues on 04 Mar 2004.
Dogpatch Software response:
 "The 5.0.1 version of CFWebstore has been released which addresses all the security issues previously mentioned. We recoded the validation we were using to a more standard method and added additional validations for some areas that had not been mentioned, due to our use of the Fusebox methodology, which allows a user with knowledge of the application to tap into areas other than through typical URL variables."

 4. CREDITS

 Nick Gudov, chief security researcher at S-Quadra <cipher@s-quadra.com> has detected above mentioned vulnerabilities.

 5. ABOUT

 S-Quadra dedicates its substantial knowledge and resources to managing
clients' IT security risks. S-Quadra audits and protection for software
and networks implement pioneering methods and ground-breaking
technologies.

        S-Quadra Advisory #2004-03-12
