Praetorian503 Posted December 25, 2012

CubeCart versions 4.4.6 and below suffer from an open URL redirection vulnerability.

1. OVERVIEW

CubeCart 4.4.6 and lower versions are vulnerable to Open URL Redirection.

2. BACKGROUND

CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly set up a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world.

3. VULNERABILITY DESCRIPTION

CubeCart 4.4.6 and lower versions contain a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not properly sanitise the parameters "r" and "redir". This allows an attacker to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choice.

4. VERSIONS AFFECTED

4.4.6 and lower

5. AFFECTED URLS AND PARAMETERS

/index.php (r parameter)
/index.php (redir parameter)

/index.php?_g=sw&r=//yehg.net/
/index.php?_a=login&redir=//yehg.net

6. SOLUTION

The CubeCart 4.x version family is no longer maintained by the vendor. Upgrade to the currently supported latest CubeCart version, 5.x.

7. VENDOR

CubeCart Development Team
http://cubecart.com/

8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

9. DISCLOSURE TIME-LINE

2012-06-22: CubeCart 4.x in End-of-Support/Maintenance cycle
2012-12-24: Vulnerability disclosed

10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/%5Bcubecart_4.4.6%5D_open_url_redirection
CubeCart Home Page: http://cubecart.com/
CubeCart Bug-Fix Announcement:
http://forums.cubecart.com/topic/45456-cubecart-447-released/
CubeCart4 End-of-Life Announcement:
http://forums.cubecart.com/topic/46765-cubecart-v4-end-of-life-saturday-22-december/

#yehg [2012-12-24]

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

Source: YGN Ethical Hacker Group :: Security Research
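The two proof-of-concept URLs in section 5 both use a protocol-relative target (//yehg.net). That form is worth understanding: it starts with a slash, so it slips past a naive "must begin with /" check, yet the browser resolves it against the current scheme and lands on http://yehg.net. The following Python snippet is an added illustration of the pattern described in section 3 and of a hardened check; it is not CubeCart's code (CubeCart is PHP) and only the parameter names "r" and "redir" and the sample URLs come from the advisory. The request strings fed to it are constructed test inputs.

```python
"""Open-redirect pattern from the CubeCart 4.4.6 advisory, and a hardened check.

Added example, not CubeCart's code. The "r" / "redir" parameter names and the
//yehg.net targets are from the advisory; everything else is illustrative.
"""
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit


def vulnerable_redirect_target(request_url: str) -> Optional[str]:
    """Mimics the flaw: whatever "r" or "redir" carries becomes the redirect target."""
    query = parse_qs(urlsplit(request_url).query)
    for name in ("r", "redir"):
        if name in query:
            return query[name][0]
    return None


def is_local_path(target: str) -> bool:
    """Accept only a path on the same site.

    Rejects absolute URLs (any scheme), protocol-relative targets (//host),
    backslash variants that browsers normalise to slashes (/\\host), percent-
    encoded forms of the same, and control characters or whitespace that
    could smuggle a second header or scheme.
    """
    if not target:
        return False
    t = unquote(target).replace("\\", "/")
    if not t.startswith("/") or t.startswith("//"):
        return False
    if any(ord(c) < 0x21 for c in t):
        return False
    parts = urlsplit(t)
    # A same-site path never carries a scheme or an authority component.
    return not parts.scheme and not parts.netloc


def safe_redirect_target(request_url: str, default: str = "/index.php") -> str:
    """Hardened handler: use the supplied target only when it is a local path."""
    target = vulnerable_redirect_target(request_url)
    if target is not None and is_local_path(target):
        return target
    return default


if __name__ == "__main__":
    for url in ("/index.php?_g=sw&r=//yehg.net/",
                "/index.php?_a=login&redir=//yehg.net",
                "/index.php?_a=login&redir=/index.php?_a=account"):
        print(url)
        print("  naive  ->", vulnerable_redirect_target(url))
        print("  safe   ->", safe_redirect_target(url))
```

The naive version returns //yehg.net for both advisory URLs; the hardened version falls back to the default for those and for the http://, backslash and percent-encoded variants, while still honouring a genuine local target such as /index.php?_a=account. An allow-list of known post-login pages is stricter still and is the better choice where the set of legitimate targets is small.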