Family: General --> Category: infos
osCommerce Malformed Session ID XSS Vulnerability Vulnerability Scan
Vulnerability Scan Summary: Detect osCommerce Malformed Session ID XSS
Detailed Explanation for this Vulnerability Test
osCommerce is an online shop e-commerce solution under ongoing development
by the open source community. Its feature-packed out-of-the-box installation
allows store owners to set up, run, and maintain their online stores with
minimum effort and with absolutely no costs or license fees involved.
osCommerce is vulnerable to an XSS flaw. The flaw can be exploited when a
malicious user passes a malformed session ID in the URI.
Solution :
This is the response from the developer. To fix the issue, the $_sid parameter
needs to be wrapped in tep_output_string() in the tep_href_link() function
defined in includes/functions/html_output.php.
Before:
if (isset($_sid)) {
    $link .= $separator . $_sid;
}
After:
if (isset($_sid)) {
    $link .= $separator . tep_output_string($_sid);
}
osCommerce 2.2 Milestone 3 will redirect the user to the index page when
a malformed session ID is used, so that a new session ID can be generated.
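The two mitigations described above, shown side by side as an added example (not osCommerce source code). encode_for_html() is a hypothetical stand-in for tep_output_string(), and the session ID format, the "sid" parameter name and all other function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for tep_output_string(): encode a value for HTML output.
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Assumed format: a session ID is 16 to 64 letters or digits, nothing else.
function is_well_formed_sid(string $id): bool
{
    return preg_match('/\A[A-Za-z0-9]{16,64}\z/', $id) === 1;
}

// "Before": the session parameter is appended to the link exactly as received.
function link_before(string $page, string $separator, ?string $_sid): string
{
    $link = $page;
    if (isset($_sid)) {
        $link .= $separator . $_sid;
    }
    return $link;
}

// "After": the same append, with the session parameter encoded on output.
function link_after(string $page, string $separator, ?string $_sid): string
{
    $link = $page;
    if (isset($_sid)) {
        $link .= $separator . encode_for_html($_sid);
    }
    return $link;
}

// Behaviour described for 2.2 Milestone 3, simplified: a malformed ID is
// discarded and a fresh one is generated instead of being reused.
function accept_or_regenerate(string $id): string
{
    return is_well_formed_sid($id) ? $id : bin2hex(random_bytes(16));
}

// Constructed sample input: a session ID carrying markup characters.
$malformed = 'abc"><b>injected</b>';
$_sid = 'sid=' . $malformed;

echo '<a href="' . link_before('index.php', '?', $_sid) . "\">home</a>\n";
echo '<a href="' . link_after('index.php', '?', $_sid) . "\">home</a>\n";
echo 'sid=' . accept_or_regenerate($malformed) . "\n";
```

In the first line of output the quote in the session ID closes the href attribute and the markup lands in the page; in the second it stays inside the attribute as encoded text.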
Threat Level: Medium