Praetorian503 Posted December 25, 2012 Report Posted December 25, 2012 CubeCart versions 5.0.7 and below suffer from an open URL redirection vulnerability.1. OVERVIEWCubeCart 5.0.7 and lower versions are vulnerable to Open URL Redirection.2. BACKGROUNDCubeCart is an "out of the box" ecommerce shopping cart softwaresolution which has been written to run on servers that have PHP &MySQL support. With CubeCart you can quickly setup a powerful onlinestore which can be used to sell digital or tangible products to newand existing customers all over the world.3. VULNERABILITY DESCRIPTIONCubeCart 5.0.7 and lower versions contain a flaw that allows a remotecross site redirection attack. This flaw exists because theapplication does not properly sanitise the "redir" parameter. Thisallows an attacker to create a specially crafted URL, that if clicked,would redirect a victim from the intended legitimate web site to anarbitrary web site of the attacker's choice.4. VERSIONS AFFECTED5.0.7 and lower5. Affected URL and Parameter/admin.php (redir parameter)/admin.php?redir=//yehg.net/%3f (Redirect after login)6. SOLUTIONUpgrade to the latest CubeCart version - 5.x.7. VENDORCubeCart Development Teamhttp://cubecart.com/8. CREDITAung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.9. DISCLOSURE TIME-LINE2012-03-24: Vulnerability reported2012-12-24: Vulnerability disclosed10. REFERENCESOriginal Advisory URL:http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5.0.7%5D_open_url_redirectionCubeCart Home Page: http://cubecart.com/#yehg [2012-12-24]Source: YGN Ethical Hacker Group :: Security Research Quote