Remote Cart Input Validation Bugs Permit Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1013903|
SecurityTracker URL: http://securitytracker.com/id/1013903
(Links to External Site)
Date: May 6 2005
Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information|
Exploit Included: Yes |
ComSec from governmentsecurity.org reported a vulnerability in Remote Cart. A remote user can conduct cross-site scripting attacks.|
The 'shop.cgi' script does not properly validate user-supplied input in the 'merchant' parameter. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Remote Cart software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A demonstration exploit example is provided:
The 'demo' parameter is also affeted.
The vendor has been notified.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Remote Cart software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.|
No solution was available at the time of this entry.|
Vendor URL: www.remotecart.com/ (Links to External Site)
Input validation error|
|Underlying OS: Linux (Any), UNIX (Any), Windows (Any)|
Source Message Contents
Product: Remote Cart
vendor URL : http://www.remotecart.com
Now a web site anywhere can have a fully secure shopping cart!
Remote Cart offers any web site on the Internet the ability to conduct
secure e-commerce without any programming skills. All the software is
located on our servers so all you have to do is add a few lines of HTML
to your existing web site and your site now has a complete, secure,
on-line shopping cart.
Here are just a few of the features of Remote Cart:
Fully secure shopping cart program
Full featured affiliate program
Point a vanity or virtual domain to our website and your customers will
never know you outsourced your shopping cart service.
All shopping cart pages editable on-line.
Unlimited technical support.
[quote]Uses both cookies and IP address to track customers. This way you
will never loose an order if a customer has cookies turned off or uses a
proxy server such as AOL. (Both cookies and IP tracking work
independently to ensure your store is compatible with any browser)
XSS PROBLEMS :
or disclosure of information , the fact that it stores cookie details of
the user can be open to any person who has access to the online shop ,
an input will also disclose domain name , plus a couple of bugs in the
url parameter path entrys cause a script error messages
url inputs :
vendor informed : yes