OneWorldStore Cross Site Scripting and SQL Injection Vulnerabilities
------------------------------------------------------------------------

SUMMARY

<http://oneworldstore.com/> OneWorldStore is a powerful design ASP
shopping cart - "OneWorldStore has all the products you need to start and
maintain a successful Online Business or Web Site(s)."

Flaws in OneWorldStore make it vulnerable to cross site scripting attacks
and SQL injections.

DETAILS

Vulnerable Systems:
* OneWorldStore.

This flaw exists because the application does not validate 'sIDSearch'
upon submission to the '/owSearch/DisplayResults.asp' script. This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship between 
the browser and the server, leading to a loss of integrity.

Proof of Concept:
SQL Injection:
http://[victim]/owSearch/DisplayResults.asp?sIDSearch=15%20or%201=1

Cross-site scripting:
http://[victim]/owSearch/DisplayResults.asp?sIDSearch=15"> <META%20HTTP-EQUIV=Refresh%20CONTENT=0>
http://[victim]/owSearch/DisplayResults.asp?sIDSearch=1"> <h1>lalala</h1>

Vendor Status:
Vendor provided security update:
<http://www.oneworldstore.com/support_security_issue_updates.asp>
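A detection sketch for the issue described above, added here as an example and not part of the advisory or the vendor's code: it scans IIS W3C-style access logs for requests to '/owSearch/DisplayResults.asp' whose 'sIDSearch' value is not a plain integer. The log lines, field order and the assumption that 'sIDSearch' is a numeric ID are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/owsearch/displayresults.asp"  # script named in the advisory
PARAM = "sidsearch"                           # parameter named in the advisory

# Constructed sample log (documentation IPs, assumed W3C field order).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:01:02 192.0.2.10 GET /owSearch/DisplayResults.asp sIDSearch=15 200
2024-01-01 10:01:09 192.0.2.44 GET /owSearch/DisplayResults.asp sIDSearch=15%20or%201=1 200
2024-01-01 10:01:15 192.0.2.44 GET /owSearch/DisplayResults.asp sIDSearch=1%22%3E+%3Ch1%3Elalala%3C/h1%3E 200
2024-01-01 10:02:00 192.0.2.10 GET /default.asp - 200
"""

def classify(value):
    """Return None for a plain integer ID, otherwise a triage label."""
    if re.fullmatch(r"\d{1,9}", value):       # assumption: IDs are short integers
        return None
    if re.search(r"[<>\"']", value):          # characters that break out of HTML attributes
        return "markup"
    if re.search(r"\b(or|and|union|select)\b|[=;]|--", value, re.I):
        return "sql-like"
    return "non-numeric"

def scan(log_text):
    """Return (client_ip, decoded_value, label) for each suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]         # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-uri-stem", "").lower() != TARGET_PATH:
            continue
        # parse_qs percent-decodes values; ASP treats parameter names case-insensitively.
        params = parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != PARAM:
                continue
            for value in values:
                label = classify(value)
                if label:
                    hits.append((rec["c-ip"], value, label))
    return hits

if __name__ == "__main__":
    for ip, value, label in scan(SAMPLE_LOG):
        print(f"{ip}\t{label}\t{value!r}")
```

The integer check is the primary signal; the "markup" and "sql-like" labels only help triage and should not be relied on as a filter in place of the vendor's update.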