oss-sec mailing list archives
CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS)
From: haojun hou <haojunhou () gmail com>
Date: Thu, 24 Nov 2016 15:25:10 +0800
Hi: TomatoCart 1.1.8.6.1 - Multiple Cross-Site Scripting (XSS) Procuct: TomatoCart Vendor: TomatoCart http://www.tomatocart.com Vunlerable Version: 1.1.8.6.1 and probably prior Tested Version: 1.1.8.6.1 Author: Haojun Hou in ADLab of Venustech Advisory Details: Haojun Hou in ADLab of Venustech discovered Multiple Cross-Site Scripting (XSS) in TomatoCart 1.1.8.6.1, which can be exploited to add,modify or delete information in application`s database and gain complete control over the application. The vulnerability exists due to insufficientfiltration of user-supplied data in multiple HTTP POST parameters passed to “TomatoCart-v1-released-v1.1.8.6.1/install/templates/pages/step_5.php” url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation examples below uses the "alert()" JavaScript function to see a pop-up messagebox: (1)POST DB_DATABASE= <>"?>";</script><script>alert(1);</script><script>"<?php" (2)POST DB_SERVER_PASSWORD= "?>";</script><script>alert(1);</script><script>"<?php" (3)POST DB_TABLE_PREFIX= "?>";</script><script>alert(1);</script><script>"<?php" (4)POST DB_DATABASE_CLASS= "?>";</script><script>alert(1);</script><script>"<?php" (5)POST DB_SERVER_USERNAME= "?>";</script><script>alert(1);</script><script>"<?php" (6)POST DB_SERVER= "?>";</script><script>alert(1);</script><script>"<?php" Could you please help me assign a CVE for this issue?
Current thread:
- CVE request - TomatoCart 1.1.8.6.1 Multiple Cross-Site Scripting (XSS) haojun hou (Nov 24)